Can't Run Spybot or start any program even in safe mode.



Smithbro
2009-09-07, 17:48
Hey Ken545 and everyone else. I downloaded Skype 3.8 on my older laptop from a link given to me by Skype and it killed my laptop. I was able to initially remove what I thought was everything with SB and Malwarebytes and it seemed to run fine for 2 days. Then this morning when booting up it came up with the stupid Police Pro, porn links, and Anti-Virus crap sites. Tried running safe-mode removals with my feeble mind and no progress. Thanks for being here! (Sending you this from my desktop)

Blade81
2009-09-08, 18:58
Hi,

Download GMER (http://www.gmer.net) here by clicking the "download exe" button and then saving it to your desktop:
Double-click the .exe that you downloaded.
Click the Rootkit tab and then Scan.
Don't check the "Show All" box while scanning is in progress!
When the scan is finished, click Copy.
This copies the log to the clipboard.
Post the log in your reply.


Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double-click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back in your topic.

Smithbro
2009-09-08, 20:49
Thanks for getting back to me. But, I can't even get online! I think desote.exe is in there and won't let me start ANY programs. Again, I am contacting you through my desktop, my laptop is the problem... I am able to run in any of the choices of safe modes.
Rick

Blade81
2009-09-08, 22:28
Hi,

Could you transfer files to your laptop by downloading them first on the desktop PC?

Smithbro
2009-09-09, 02:30
Sure. Most likely you will have to walk me through the transfer though, i.e. burn to cd or direct wire.
Thanks

Blade81
2009-09-09, 07:02
If you have a removable USB drive, it can be used after treating it properly first.

1. Download Flash_Disinfector (http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe) and save it to the desktop of your clean system.
2. After downloading, double-click on Flash_Disinfector to run it.
3. Just follow the prompts and continue until it begins scanning.
4. If asked to insert your flash drive or any removable device, including USB Pen Drive and Memory Stick, please do so.
5. It will scan removable drives; wait for the scan to finish. Done.

Then you can transfer the tools to the USB drive. Alternatively, you can burn a CD.

Smithbro
2009-09-09, 17:38
Done with FD! Next.....
Thanks

Blade81
2009-09-09, 17:52
Do you have a USB stick on which you can store the tools and copy them to the other system? Any friend there who can assist with the transfer if you have problems with it?

Smithbro
2009-09-09, 20:05
Yes, flash drive in the USB port, cleaned and ready. No one here but me, so let's see what we can do.
Thanks

Smithbro
2009-09-09, 20:40
Got SB SD running in safe mode!!!!!!!! Don't know how I did it but it's scanning and putting infected files in vault. I will wait on your next suggestion.......

Smithbro
2009-09-09, 21:51
Online and downloaded GMER, running scan, will post for you when done.

Blade81
2009-09-09, 21:57
Good :)

Next, let's see to that tool transfer. Have you downloaded GMER and DDS to the desktop of your clean computer yet?

If so, have the flash drive plugged in and open it through "My Computer". Now just drag'n'drop those GMER and DDS files from the desktop to that flash drive. Then you have to plug the flash drive into your infected system and drag those tool files to its desktop. If all went well you should have those tools ready to run.

EDIT: Looks like you posted while I was writing :D

Shall wait for the reports.

Smithbro
2009-09-09, 22:06
GMER 1.0.15.15077 [gs0prxms.exe] - http://www.gmer.net
Rootkit scan 2009-09-09 16:01:01
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code 84E559BE ZwEnumerateKey
Code 84E3EB2E ZwFlushInstructionCache
Code 84E3E0A5 IofCallDriver
Code 84EA082D IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 804E37C5 5 Bytes JMP 84E3E0AA
.text ntoskrnl.exe!IofCompleteRequest 804E3BF6 5 Bytes JMP 84EA0832
PAGE ntoskrnl.exe!ZwEnumerateKey 80570D64 5 Bytes JMP 84E559C2
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80577693 5 Bytes JMP 84E3EB32

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\Iexplore.exe[316] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[316] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[316] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[316] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[316] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[316] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[316] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[316] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[316] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[316] WININET.dll!HttpAddRequestHeadersA 3D94CF40 5 Bytes JMP 00FD000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[316] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 010D000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[316] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00D529A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[316] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00D527E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[316] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00D527C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[316] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00D527A0
.text C:\WINDOWS\system32\winlogon.exe[604] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0065000A
.text C:\WINDOWS\system32\services.exe[660] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003D000A
.text C:\WINDOWS\system32\lsass.exe[672] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0067000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1052] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1052] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9521 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1052] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DCB69 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1052] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1052] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2543F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1052] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1052] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1052] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1052] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1052] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1052] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1052] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1052] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED408 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1052] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E3F78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1052] WININET.dll!HttpAddRequestHeadersA 3D94CF40 5 Bytes JMP 00FE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1052] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 010D000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1052] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00D929A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1052] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00D927E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1052] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00D927C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1052] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00D927A0
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0069000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1332] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00D529A0 \\?\globalroot\systemroot\system32\UAClidqiqmkto.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1332] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00D527E0 \\?\globalroot\systemroot\system32\UAClidqiqmkto.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1332] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00D527C0 \\?\globalroot\systemroot\system32\UAClidqiqmkto.dll
.text C:\WINDOWS\system32\ctfmon.exe[1412] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0091000A
.text C:\WINDOWS\Explorer.EXE[1472] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00B9000A
.text C:\Program Files\AVG\AVG8\avgui.exe[1852] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00CE000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\Iexplore.exe[1052] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\SKYNETfpfvkloo.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [316] 0x10000000
Library \\?\globalroot\systemroot\system32\UACcmhqkmiteo.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [316] 0x00F30000
Library \\?\globalroot\systemroot\system32\UAClidqiqmkto.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [828] 0x03350000
Library \\?\globalroot\systemroot\system32\UACavkhfiurrl.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [828] 0x037E0000
Library \\?\globalroot\systemroot\system32\UAClidqiqmkto.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [940] 0x00940000
Library \\?\globalroot\systemroot\system32\SKYNETfpfvkloo.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1052] 0x10000000
Library \\?\globalroot\systemroot\system32\UACcmhqkmiteo.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1052] 0x00F40000
Library \\?\globalroot\systemroot\system32\UAClidqiqmkto.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1128] 0x00940000
Library \\?\globalroot\systemroot\system32\UAClidqiqmkto.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1228] 0x00980000
Library \\?\globalroot\systemroot\system32\UAClidqiqmkto.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1324] 0x00840000
Library \\?\globalroot\systemroot\system32\UAClidqiqmkto.dll (*** hidden *** ) @ C:\Program Files\Mozilla Firefox\firefox.exe [1332] 0x00D40000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\SKYNETqaqgkvrn.sys (*** hidden *** ) [SYSTEM] SKYNETwruwpuhr <-- ROOTKIT !!!
Service C:\WINDOWS\system32\drivers\UACbqwbrnkvdu.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETwruwpuhr (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETwruwpuhr@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETwruwpuhr@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETwruwpuhr@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETwruwpuhr@imagepath \systemroot\system32\drivers\SKYNETqaqgkvrn.sys
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETwruwpuhr\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETwruwpuhr\main@aid 10096
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETwruwpuhr\main@sid 0
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETwruwpuhr\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETwruwpuhr\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETwruwpuhr\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETwruwpuhr\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETwruwpuhr\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETwruwpuhr\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETwruwpuhr\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETqaqgkvrn.sys
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETwruwpuhr\modules@SKYNETcmd.dll \systemroot\system32\SKYNETpetymoto.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETwruwpuhr\modules@SKYNETlog.dat \systemroot\system32\SKYNETirrfuirw.dat
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETwruwpuhr\modules@SKYNETwsp.dll \systemroot\system32\SKYNETbwnlghon.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETwruwpuhr\modules@SKYNET.dat \systemroot\system32\SKYNETipgvitud.dat
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACbqwbrnkvdu.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACbqwbrnkvdu.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACossfodjeuo.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UAClidqiqmkto.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACwqvpoamkwb.dat
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacav \\?\globalroot\systemroot\system32\UACavkhfiurrl.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACcmhqkmiteo.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwruwpuhr
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwruwpuhr@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwruwpuhr@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwruwpuhr@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwruwpuhr@imagepath \systemroot\system32\drivers\SKYNETqaqgkvrn.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwruwpuhr\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwruwpuhr\main@aid 10096
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwruwpuhr\main@sid 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwruwpuhr\main@cmddelay 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwruwpuhr\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwruwpuhr\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwruwpuhr\main\injector@* SKYNETwsp8.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwruwpuhr\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwruwpuhr\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwruwpuhr\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETqaqgkvrn.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwruwpuhr\modules@SKYNETcmd.dll \systemroot\system32\SKYNETpetymoto.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwruwpuhr\modules@SKYNETlog.dat \systemroot\system32\SKYNETirrfuirw.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwruwpuhr\modules@SKYNETwsp.dll \systemroot\system32\SKYNETbwnlghon.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwruwpuhr\modules@SKYNET.dat \systemroot\system32\SKYNETipgvitud.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwruwpuhr\modules@SKYNETwsp8.dll \systemroot\system32\SKYNETfpfvkloo.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACbqwbrnkvdu.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACbqwbrnkvdu.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACossfodjeuo.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UAClidqiqmkto.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACwqvpoamkwb.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacav \\?\globalroot\systemroot\system32\UACavkhfiurrl.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACcmhqkmiteo.dll
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETwruwpuhr (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETwruwpuhr@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETwruwpuhr@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETwruwpuhr@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETwruwpuhr@imagepath \systemroot\system32\drivers\SKYNETqaqgkvrn.sys
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETwruwpuhr\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETwruwpuhr\main@aid 10096
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETwruwpuhr\main@sid 0
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETwruwpuhr\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETwruwpuhr\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETwruwpuhr\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETwruwpuhr\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETwruwpuhr\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETwruwpuhr\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETwruwpuhr\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETqaqgkvrn.sys
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETwruwpuhr\modules@SKYNETcmd.dll \systemroot\system32\SKYNETpetymoto.dll
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETwruwpuhr\modules@SKYNETlog.dat \systemroot\system32\SKYNETirrfuirw.dat
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETwruwpuhr\modules@SKYNETwsp.dll \systemroot\system32\SKYNETbwnlghon.dll
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETwruwpuhr\modules@SKYNET.dat \systemroot\system32\SKYNETipgvitud.dat
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACbqwbrnkvdu.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACbqwbrnkvdu.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACossfodjeuo.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UAClidqiqmkto.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACwqvpoamkwb.dat
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacav \\?\globalroot\systemroot\system32\UACavkhfiurrl.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACcmhqkmiteo.dll
Reg HKLM\SOFTWARE\Classes\UACTLS.UAAddressBookButtonCtrl.5
Reg HKLM\SOFTWARE\Classes\UACTLS.UAAddressBookButtonCtrl.5@ UAAddressBookBttn Control
Reg HKLM\SOFTWARE\Classes\UACTLS.UAAddressBookButtonCtrl.5\CLSID
Reg HKLM\SOFTWARE\Classes\UACTLS.UAAddressBookButtonCtrl.5\CLSID@ {C0E10003-001C-0005-C0E1-C0E1C0E1C0E1}
Reg HKLM\SOFTWARE\Classes\UACTLS.UAButtonCtrl.5
Reg HKLM\SOFTWARE\Classes\UACTLS.UAButtonCtrl.5@ UAButton Control
Reg HKLM\SOFTWARE\Classes\UACTLS.UAButtonCtrl.5\CLSID
Reg HKLM\SOFTWARE\Classes\UACTLS.UAButtonCtrl.5\CLSID@ {C0E10003-0007-0005-C0E1-C0E1C0E1C0E1}
Reg HKLM\SOFTWARE\Classes\UACTLS.UACheckBoxCtrl.5
Reg HKLM\SOFTWARE\Classes\UACTLS.UACheckBoxCtrl.5@ UACheckBox Control
Reg HKLM\SOFTWARE\Classes\UACTLS.UACheckBoxCtrl.5\CLSID
Reg HKLM\SOFTWARE\Classes\UACTLS.UACheckBoxCtrl.5\CLSID@ {C0E10003-0013-0005-C0E1-C0E1C0E1C0E1}
Reg HKLM\SOFTWARE\Classes\UACTLS.UADropDwnCtrl.5
Reg HKLM\SOFTWARE\Classes\UACTLS.UADropDwnCtrl.5@ UADropDown Control
Reg HKLM\SOFTWARE\Classes\UACTLS.UADropDwnCtrl.5\CLSID
Reg HKLM\SOFTWARE\Classes\UACTLS.UADropDwnCtrl.5\CLSID@ {C0E10003-000A-0005-C0E1-C0E1C0E1C0E1}
Reg HKLM\SOFTWARE\Classes\UACTLS.UAEditCtrl.5
Reg HKLM\SOFTWARE\Classes\UACTLS.UAEditCtrl.5@ UAEdit Control
Reg HKLM\SOFTWARE\Classes\UACTLS.UAEditCtrl.5\CLSID
Reg HKLM\SOFTWARE\Classes\UACTLS.UAEditCtrl.5\CLSID@ {C0E10003-0023-0005-C0E1-C0E1C0E1C0E1}
Reg HKLM\SOFTWARE\Classes\UACTLS.UAGalleryButtonCtrl.5
Reg HKLM\SOFTWARE\Classes\UACTLS.UAGalleryButtonCtrl.5@ UAGalleryBttn Control
Reg HKLM\SOFTWARE\Classes\UACTLS.UAGalleryButtonCtrl.5\CLSID
Reg HKLM\SOFTWARE\Classes\UACTLS.UAGalleryButtonCtrl.5\CLSID@ {C0E10003-0010-0005-C0E1-C0E1C0E1C0E1}
Reg HKLM\SOFTWARE\Classes\UACTLS.UAGalleryCtrl.5
Reg HKLM\SOFTWARE\Classes\UACTLS.UAGalleryCtrl.5@ UAGallery Control
Reg HKLM\SOFTWARE\Classes\UACTLS.UAGalleryCtrl.5\CLSID
Reg HKLM\SOFTWARE\Classes\UACTLS.UAGalleryCtrl.5\CLSID@ {C0E10003-0019-0005-C0E1-C0E1C0E1C0E1}
Reg HKLM\SOFTWARE\Classes\UACTLS.UAGraphicDropDown.5
Reg HKLM\SOFTWARE\Classes\UACTLS.UAGraphicDropDown.5@ UAGraphicDropDown Control
Reg HKLM\SOFTWARE\Classes\UACTLS.UAGraphicDropDown.5\CLSID
Reg HKLM\SOFTWARE\Classes\UACTLS.UAGraphicDropDown.5\CLSID@ {C0E10003-0026-0005-C0E1-C0E1C0E1C0E1}
Reg HKLM\SOFTWARE\Classes\UACTLS.UAHelpCtrl.5
Reg HKLM\SOFTWARE\Classes\UACTLS.UAHelpCtrl.5@ UAHelp Control
Reg HKLM\SOFTWARE\Classes\UACTLS.UAHelpCtrl.5\CLSID
Reg HKLM\SOFTWARE\Classes\UACTLS.UAHelpCtrl.5\CLSID@ {C0E10003-002F-0005-C0E1-C0E1C0E1C0E1}
Reg HKLM\SOFTWARE\Classes\UACTLS.UAPartsListCtrl.5
Reg HKLM\SOFTWARE\Classes\UACTLS.UAPartsListCtrl.5@ UAPartsList Control
Reg HKLM\SOFTWARE\Classes\UACTLS.UAPartsListCtrl.5\CLSID
Reg HKLM\SOFTWARE\Classes\UACTLS.UAPartsListCtrl.5\CLSID@ {C0E10003-000D-0005-C0E1-C0E1C0E1C0E1}
Reg HKLM\SOFTWARE\Classes\UACTLS.UARadioBttnCtrl.5
Reg HKLM\SOFTWARE\Classes\UACTLS.UARadioBttnCtrl.5@ UARadioButton Control
Reg HKLM\SOFTWARE\Classes\UACTLS.UARadioBttnCtrl.5\CLSID
Reg HKLM\SOFTWARE\Classes\UACTLS.UARadioBttnCtrl.5\CLSID@ {C0E10003-0016-0005-C0E1-C0E1C0E1C0E1}
Reg HKLM\SOFTWARE\Classes\UACTLS.UAScrapBookButtonCtrl.5
Reg HKLM\SOFTWARE\Classes\UACTLS.UAScrapBookButtonCtrl.5@ UAScrapBookBttn Control
Reg HKLM\SOFTWARE\Classes\UACTLS.UAScrapBookButtonCtrl.5\CLSID
Reg HKLM\SOFTWARE\Classes\UACTLS.UAScrapBookButtonCtrl.5\CLSID@ {C0E10003-001F-0005-C0E1-C0E1C0E1C0E1}
Reg HKLM\SOFTWARE\Classes\UACTLS.UATextCtrl.5
Reg HKLM\SOFTWARE\Classes\UACTLS.UATextCtrl.5@ UAText Control
Reg HKLM\SOFTWARE\Classes\UACTLS.UATextCtrl.5\CLSID
Reg HKLM\SOFTWARE\Classes\UACTLS.UATextCtrl.5\CLSID@ {C0E10003-002C-0005-C0E1-C0E1C0E1C0E1}

---- Files - GMER 1.0.15 ----

File C:\Program Files\QuickTime\QTSystem\QuickTimeMusic.Resources\zh_TW.lproj\PropPanelHelpersLocalized.qtr 4096 bytes executable
File C:\Program Files\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\pt_PT.lproj\QuickTimeImageLocalized.qtr 22528 bytes executable

---- EOF - GMER 1.0.15 ----
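
The GMER log above is the kind of output a helper reads by hand. The following Python is an added example, not part of the thread or of GMER's own tooling: it parses the sections GMER prints and flags the indicators that mark this log as a rootkit infection (hidden services and libraries, inline hooks whose target is unbacked memory or a \\?\globalroot path, and the service registry keys that enumerate the rootkit's files). SAMPLE_LOG is constructed from lines of the log above with the blank lines dropped; the severity labels and the assumption that the Windows directory is C:\WINDOWS are mine.

```python
"""Triage a GMER log (format as in this thread): flag hidden services/libraries, inline
hooks into unbacked or globalroot-backed memory, and the registry keys tying them together."""
import re
from dataclasses import dataclass

GLOBALROOT = "\\\\?\\globalroot"  # prefix GMER prints for paths that bypass the Win32 namespace
SECTION_RE = re.compile(r"^---- (.+?) - GMER")
KERNEL_HOOK_RE = re.compile(r"^\S+ (?P<func>\S+!\S+) [0-9A-F]+ \d+ Bytes JMP (?P<target>[0-9A-F]+)")
USER_HOOK_RE = re.compile(r"^\S+ (?P<proc>.+?)\[(?P<pid>\d+)\] (?P<func>\S+!\S+) [0-9A-F]+ \d+ Bytes "
                          r"JMP (?P<target>[0-9A-F]+)(?: (?P<module>.+))?$")
HIDDEN_LIB_RE = re.compile(r"^Library (?P<path>\S+) \(\*\*\* hidden \*\*\* \) @ (?P<proc>.+?) \[(?P<pid>\d+)\]")
HIDDEN_SVC_RE = re.compile(r"^Service (?P<path>\S+) \(\*\*\* hidden \*\*\* \) \[\S+\] (?P<name>\S+) <-- ROOTKIT")
REG_RE = re.compile(r"^Reg (?P<key>\S+?)(?:@(?P<value>\S+))?(?: (?P<data>.+))?$")

@dataclass(frozen=True)
class Finding:
    severity: str  # "critical" | "high" | "info"
    category: str
    detail: str
    path: str = ""  # file on disk tied to the finding, if any

def normalize(path: str, windir: str = "C:\\WINDOWS") -> str:
    # GMER prints one file under several aliases (globalroot\systemroot\..., \systemroot\...);
    # fold them onto the Win32 path so the same file is counted once. windir is an assumption.
    if path.lower().startswith(GLOBALROOT.lower()):
        path = path[len(GLOBALROOT):]
    if path.lower().startswith("\\systemroot"):
        path = windir + path[len("\\systemroot"):]
    return path

def triage(log_text: str) -> list[Finding]:
    """Walk the log section by section and turn each notable line into a Finding."""
    findings: list[Finding] = []
    hidden_services: set[str] = set()
    registry: list[str] = []
    section = ""
    for line in (ln.strip() for ln in log_text.splitlines() if ln.strip()):
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
        elif section.startswith("Kernel code") and (m := KERNEL_HOOK_RE.match(line)):
            # A JMP patched into an ntoskrnl export, landing outside any loaded module.
            findings.append(Finding("high", "kernel-inline-hook", f"{m['func']} -> {m['target']}"))
        elif section.startswith("User code") and (m := USER_HOOK_RE.match(line)):
            where, module = f"{m['func']} in {m['proc']}[{m['pid']}]", m["module"]
            if module and module.lower().startswith(GLOBALROOT.lower()):
                # Hook lands in a DLL that only exists under a hidden globalroot path.
                findings.append(Finding("critical", "user-hook-hidden-module",
                                        f"{where} -> {module}", module.split(" (")[0]))
            elif module is None:
                # Target is memory that no loaded module claims: injected code.
                findings.append(Finding("high", "user-hook-unbacked", f"{where} -> {m['target']}"))
            else:
                # Attributed to a named module (here IE's own IEFRAME.dll): verify vendor, do not act.
                findings.append(Finding("info", "user-hook-attributed", f"{where} -> {module}"))
        elif section.startswith("Processes") and (m := HIDDEN_LIB_RE.match(line)):
            findings.append(Finding("critical", "hidden-library",
                                    f"{m['path']} in {m['proc']}[{m['pid']}]", m["path"]))
        elif section.startswith("Services") and (m := HIDDEN_SVC_RE.match(line)):
            hidden_services.add(m["name"])
            findings.append(Finding("critical", "hidden-service", f"{m['name']} -> {m['path']}", m["path"]))
        elif section.startswith("Registry"):
            registry.append(line)
    # Keys under a hidden service's name list its driver, injected DLLs and data files:
    # the full artifact set, including files no other section showed.
    for line in registry:
        m = REG_RE.match(line)
        if not m or not m["data"] or not m["data"].startswith("\\"):
            continue
        owner = next((s for s in hidden_services if f"\\Services\\{s}" in m["key"]), None)
        if owner:
            findings.append(Finding("high", "rootkit-artifact", f"{owner}: {m['data']}", m["data"]))
    return findings

def artifacts(findings: list[Finding]) -> set[str]:
    """Normalised path of every file tied to a hidden component: the cleanup list."""
    return {normalize(f.path) for f in findings if f.path}

# Constructed sample: lines excerpted from the GMER log in this thread, blank lines dropped.
SAMPLE_LOG = r"""
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!IofCallDriver 804E37C5 5 Bytes JMP 84E3E0AA
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\Iexplore.exe[316] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[316] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00D527C0
.text C:\WINDOWS\system32\winlogon.exe[604] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0065000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1332] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00D527E0 \\?\globalroot\systemroot\system32\UAClidqiqmkto.dll
---- Processes - GMER 1.0.15 ----
Library \\?\globalroot\systemroot\system32\SKYNETfpfvkloo.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [316] 0x10000000
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\drivers\SKYNETqaqgkvrn.sys (*** hidden *** ) [SYSTEM] SKYNETwruwpuhr <-- ROOTKIT !!!
Service C:\WINDOWS\system32\drivers\UACbqwbrnkvdu.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwruwpuhr@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwruwpuhr@imagepath \systemroot\system32\drivers\SKYNETqaqgkvrn.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwruwpuhr\modules@SKYNETwsp8.dll \systemroot\system32\SKYNETfpfvkloo.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UAClidqiqmkto.dll
"""
```

On the sample, triage() yields 11 findings (4 critical, 6 high, 1 info) and artifacts() collapses the globalroot, systemroot and C:\WINDOWS spellings down to the four distinct rootkit files; the same functions run unchanged over the full log above.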

Smithbro
2009-09-09, 22:16
DDS (Ver_09-07-30.01) - NTFSx86 NETWORK
Run by Administrator at 16:08:44.10 on Wed 09/09/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.445.103 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\gs0prxms.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.dell4me.com/myway
uDefault_Page_URL = hxxp://www.dell4me.com/myway
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: ICQSys (IE PlugIn): {76dc0b63-1533-4ba9-8be8-d59eb676fa02} - c:\windows\system32\dddesot.dll
BHO: {BF56A325-23F2-42AD-F4E4-00AAC39CAA53} - No File
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
mRun: [SiS Windows KeyHook] c:\windows\system32\keyhook.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [F5D7050v3] c:\program files\belkin\f5d7050v3\Belkinwcui.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\utilit~1.lnk - c:\windows\system32\sistray.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: urssq - c:\windows\system32\urssq.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\ei2u9tij.default\
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPOJI610.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-29 108552]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-29 335240]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-29 27784]
S2 AntipPro2009_100;AntipyProex;c:\windows\svchasts.exe --> c:\windows\svchasts.exe [?]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-12-29 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-29 297752]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getplus_helpersvc.exe --> c:\program files\nos\bin\getPlus_HelperSvc.exe [?]

=============== Created Last 30 ================

2009-09-09 14:10 <DIR> --dsh--- c:\documents and settings\administrator\PrivacIE
2009-09-07 21:11 <DIR> --dsh--- c:\documents and settings\administrator\IETldCache
2009-09-07 12:47 <DIR> --d----- c:\documents and settings\administrator\WINDOWS
2009-09-07 12:47 <DIR> --d----- c:\documents and settings\Administrator
2009-09-07 10:01 4 a------- c:\windows\system32\bincd32.dat
2009-09-07 09:31 <DIR> --d----- c:\program files\Protection System
2009-09-07 09:19 1,382 a------- c:\windows\system32\onhelp.htm
2009-09-07 09:03 58 a------- c:\windows\ppp4.dat
2009-09-07 09:03 1 a------- c:\windows\ppp3.dat
2009-09-07 09:03 87 a------- c:\windows\system32\sonhelp.htm
2009-09-07 09:03 36 a------- c:\windows\system32\sysnet.dat
2009-09-07 09:03 9 a------- c:\windows\system32\bennuar.old
2009-09-07 09:03 <DIR> --d----- c:\program files\Windows Police Pro
2009-09-05 23:47 <DIR> --d----- c:\program files\KnightHop
2009-09-05 23:32 <DIR> --d----- c:\program files\Safer Networking
2009-08-28 21:11 4,658,584 a----r-- c:\windows\system32\drivers\lvuvc.sys
2009-08-12 13:11 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
2009-08-12 13:11 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-08-11 22:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Borland
2009-08-11 10:42 336,896 a------- c:\windows\system32\iehelpmod.dll
2009-08-11 10:42 <DIR> --d----- c:\program files\common files\TSCUninstall
2009-08-11 10:42 <DIR> --d----- c:\program files\TSC

==================== Find3M ====================

2009-09-05 18:33 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-09-05 18:32 0 a------- c:\windows\system32\drivers\logiflt.iad
2009-08-16 15:50 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-16 15:50 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 05:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 09:18 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 15:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-12 12:21 233,472 a------- c:\windows\system32\wmpdxm.dll
2009-07-12 12:21 4,874,240 -------- c:\windows\system32\dllcache\wmp.dll
2009-07-12 12:21 233,472 -------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-03 13:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-03 13:09 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 13:09 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-07-03 13:09 1,208,832 a------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 13:09 206,848 -------- c:\windows\system32\dllcache\occache.dll
2009-07-03 13:09 594,432 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 13:09 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 13:09 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 13:09 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 13:09 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-07-03 13:09 184,320 -------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 13:09 386,048 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 07:01 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-25 04:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 04:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 04:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 04:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 04:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 04:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-25 04:25 730,112 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-06-25 04:25 301,568 -------- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 04:25 147,456 -------- c:\windows\system32\dllcache\schannel.dll
2009-06-25 04:25 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-06-25 04:25 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2009-06-25 04:25 54,272 -------- c:\windows\system32\dllcache\wdigest.dll
2009-06-24 07:18 92,928 -------- c:\windows\system32\dllcache\ksecdd.sys
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 10:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 10:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-12 08:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-12 08:31 76,288 -------- c:\windows\system32\dllcache\telnet.exe
2005-11-22 21:08 848 a--sh--- c:\windows\system32\KGyGaAvL.sys
2005-12-21 14:56 332,209 a--sh--- c:\windows\system32\qssru.bak1
2007-08-27 20:45 1,542,380 a--sh--- c:\windows\system32\qssru.bak2

============= FINISH: 16:10:40.05 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 2/9/2005 4:15:02 AM
System Uptime: 9/9/2009 2:08:05 PM (2 hours ago)

Motherboard: Quanta Computer | | Inspiron 1000
Processor: Mobile Intel(R) Celeron(R) CPU 2.20GHz | Socket 478/423 | 2191/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 35 GiB total, 24.714 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Agere Systems AC'97 Modem
ALPS Touch Pad Driver
Amazon MP3 Downloader 1.0.5
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
AVG Free 8.5
Belkin 54g USB Network Adapter
Belkin 54Mbps Wireless Network Adapter
Bonjour
BroadJump Client Foundation
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon i850
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator 2.0
Canon MP450
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Dell Digital Jukebox Driver
Dell System Restore
Easy-WebPrint
Get High Speed Internet!
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
HP Diagnostic Assistant
Internet Explorer Default Page
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_03
Knight Hop v1.0
Learn2 Player (Uninstall Only)
Logitech MouseWare 9.79
Logitech QuickCam
Logitech QuickCam Driver Package
Logitech Updater
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Publisher for Windows 95
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 4.0
Modem Helper
Modem on Hold
Motorola Driver Installation 3.7.0
Motorola Phone Tools
Motorola Software Update
Mozilla Firefox (3.0.13)
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Olympus Digital Wave Player
Overland
Palm Desktop
PowerDVD 5.1
QuickBooks Pro Edition 2003
QuickTime
RealPlayer Basic
RegAlyzer
RunAlyzer
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Shockwave
SiS 900 PCI Fast Ethernet Adapter Driver
SiS VGA Utilities
Spybot - Search & Destroy
TweetDeck
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Viewpoint Media Player
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Police Pro
Windows XP Service Pack 3
WordPerfect Office 12

==== Event Viewer Messages From Past Week ========

9/7/2009 12:37:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
9/7/2009 11:17:13 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm
9/7/2009 11:05:56 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
9/7/2009 11:05:56 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2009 11:05:56 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2009 11:05:56 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2009 11:05:56 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2009 11:05:56 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2009 11:05:56 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2009 11:05:29 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
9/7/2009 11:05:17 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/5/2009 8:44:01 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
9/5/2009 8:40:43 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: %%2147952506
9/5/2009 6:33:23 PM, error: Service Control Manager [7024] - The Bonjour Service service terminated with service-specific error 4294967295 (0xFFFFFFFF).
9/5/2009 6:33:23 PM, error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error 2147952506 (0x8007277A).
9/5/2009 6:33:23 PM, error: Service Control Manager [7001] - The Canon Camera Access Library 8 service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/2/2009 9:09:30 AM, error: System Error [1003] - Error code 100000d1, parameter1 e1c53000, parameter2 00000002, parameter3 00000000, parameter4 f1956e85.

==== End Of File ===========================

Smithbro
2009-09-10, 00:40
AVG 8.5 Anti-Virus command line scanner
Copyright (c) 1992 - 2009 AVG Technologies
Program version 8.0.401, engine 8.0.408
Virus Database: Version 270.13.82/2351 2009-09-07

\\?\globalroot\systemroot\system32\UAClidqiqmkto.dll Virus found Win32/Cryptor Object was moved to Virus Vault.
C:\WINDOWS\SYSTEM32\svchost.exe (1128) Virus found Win32/Cryptor Object was moved to Virus Vault.
\\?\globalroot\systemroot\system32\UACcmhqkmiteo.dll Virus found Win32/Cryptor Object was moved to Virus Vault.
C:\Program Files\Internet Explorer\iexplore.exe (1372) Virus found Win32/Cryptor Object was moved to Virus Vault.
\\?\globalroot\systemroot\system32\UACcmhqkmiteo.dll Virus found Win32/Cryptor Object was moved to Virus Vault.
C:\Program Files\Internet Explorer\iexplore.exe (1332) Virus found Win32/Cryptor Object was moved to Virus Vault.
\\?\globalroot\systemroot\system32\UAClidqiqmkto.dll Virus found Win32/Cryptor Object was moved to Virus Vault.
C:\Program Files\Mozilla Firefox\firefox.exe (564) Virus found Win32/Cryptor Object was moved to Virus Vault.
C:\WINDOWS\system32\desote.exe Adware Generic4.LPF Object was moved to Virus Vault.
HKCR\exefile\shell\open\command\\ Found registry key with reference to file C:\WINDOWS\system32\desote.exe Object was healed.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ei2u9tij.default\parent.lock Locked file. Not tested.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ei2u9tij.default\places.sqlite-journal Locked file. Not tested.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{37C083A2-9D6D-11DE-92EC-001CDFA04829}.dat Locked file. Not tested.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{37C083A3-9D6D-11DE-92EC-001CDFA04829}.dat Locked file. Not tested.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\Administrator\Local Settings\Temp\etilqs_bITnZHdJcn5blfFU2dcV Locked file. Not tested.
C:\Documents and Settings\Administrator\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\Administrator\ntuser.dat.LOG Locked file. Not tested.
C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll Locked file. Not tested.
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Locked file. Not tested.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\LocalService\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\LocalService\ntuser.dat.LOG Locked file. Not tested.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\NetworkService\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Locked file. Not tested.
C:\pagefile.sys Locked file. Not tested.
C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll.dmp Locked file. Not tested.
C:\System Volume Information\ Locked file. Not tested.
C:\WINDOWS\Prefetch\layout.ini Locked file. Not tested.
C:\WINDOWS\svchasts.exe Potentially harmful program Fake_AntiSpyware.DFZ Object was moved to Virus Vault.
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Locked file. Not tested.
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Locked file. Not tested.
C:\WINDOWS\SYSTEM32\CONFIG\SAM Locked file. Not tested.
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Locked file. Not tested.
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Locked file. Not tested.
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Locked file. Not tested.
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Locked file. Not tested.
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Locked file. Not tested.
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Locked file. Not tested.
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Locked file. Not tested.
C:\WINDOWS\SYSTEM32\dddesot.dll Trojan horse BHO.JOM Object was moved to Virus Vault.
C:\WINDOWS\SYSTEM32\wscsvc32.exe Virus found Win32/Cryptor Object was moved to Virus Vault.
C:\WINDOWS\Temp\Installer.exe Virus found Win32/Cryptor Object was moved to Virus Vault.

------------------------------------------------------------
Objects scanned : 186349
Found infections : 11
Found PUPs : 2
Healed infections : 11
Healed PUPs : 2
Warnings : 0
------------------------------------------------------------
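
The AVG report above explains the original symptom ("won't let me start ANY programs"): the default value of HKCR\exefile\shell\open\command had been pointed at C:\WINDOWS\system32\desote.exe, so every .exe the user launched ran the rogue first. The following script is an added example for readers, not code from this thread or from AVG, Spybot or ComboFix. It audits the shell "open" command for the executable file classes in both the machine hive and the per-user override (HKCU\Software\Classes, which takes precedence and is writable without administrator rights), and optionally restores the stock Windows value. Assumptions: PowerShell 2.0 or later is available, the expected default for these classes is the stock `"%1" %*`, and the function and parameter names are my own.

```powershell
# Added example: audit (and optionally repair) the shell\open\command
# association for executable file classes. Not part of the original
# thread or of any tool used in it.
# Assumes PowerShell 2.0+; run elevated if you want -Repair to touch HKLM.

# Stock Windows default for these classes (assumption stated in the lead-in).
$script:DefaultOpen = '"%1" %*'
$script:Classes     = 'exefile', 'comfile', 'batfile', 'cmdfile'

function Test-ShellOpenCommand {
    [CmdletBinding()]
    param(
        # Restore the default value in HKLM, and delete a per-user override
        # in HKCU (the override normally does not exist at all).
        [switch]$Repair
    )

    foreach ($class in $script:Classes) {
        foreach ($hive in 'HKLM', 'HKCU') {
            $key = "${hive}:\Software\Classes\$class\shell\open\command"

            if (-not (Test-Path -Path $key)) {
                # Absent in HKCU is the normal state; absent in HKLM is not.
                if ($hive -eq 'HKLM') {
                    New-Object PSObject -Property @{
                        Class = $class; Hive = $hive; Value = $null
                        Status = 'MISSING'
                    }
                }
                continue
            }

            $value  = (Get-ItemProperty -Path $key).'(default)'
            $status = if ($value -eq $script:DefaultOpen) { 'OK' }
                      elseif ($hive -eq 'HKCU')           { 'USER-OVERRIDE' }
                      else                                { 'HIJACKED' }

            New-Object PSObject -Property @{
                Class = $class; Hive = $hive; Value = $value; Status = $status
            }

            if ($Repair -and $status -ne 'OK') {
                if ($hive -eq 'HKCU') {
                    # Removing the per-user class lets the machine default
                    # show through HKCR again.
                    Remove-Item -Path "HKCU:\Software\Classes\$class" -Recurse -Force
                } else {
                    Set-ItemProperty -Path $key -Name '(default)' `
                                     -Value $script:DefaultOpen
                }
            }
        }
    }
}

# Usage: list findings, then repair and re-check.
Test-ShellOpenCommand | Format-Table Class, Hive, Status, Value -AutoSize
# Test-ShellOpenCommand -Repair | Format-Table Class, Hive, Status, Value -AutoSize
```

A value that names any specific path (rather than `"%1" %*`) means the listed binary is interposed on every program launch; after repairing it, the binary it pointed at still needs to be removed, which is the step the AVG scan performed here by vaulting desote.exe. Because HKCR is a merged view, checking HKCU separately matters: a rogue running without administrator rights can still plant the override there.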

Blade81
2009-09-10, 16:33
Hi,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:


Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.


Since you have Malwarebytes' Anti-Malware installed there, update its definitions and run a full scan with it. Post back the report.

Smithbro
2009-09-10, 19:49
ComboFix 09-09-09.09 - Rick 09/10/2009 13:17.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.445.259 [GMT -4:00]
Running from: c:\documents and settings\Rick\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\anan.ban
c:\documents and settings\All Users\Documents\duzejyhyd.bin
c:\documents and settings\Rick\Application Data\acahysuxum.dl
c:\documents and settings\Rick\Application Data\yvudopuz.bin
c:\documents and settings\Rick\Cookies\awokewice._dl
c:\documents and settings\Rick\Cookies\odebaxive.scr
c:\documents and settings\Rick\Cookies\zimukewo.dl
c:\documents and settings\Rick\Local Settings\Application Data\ezefaxulen.scr
c:\documents and settings\Rick\Local Settings\Application Data\kivytiw.bin
c:\documents and settings\Rick\Local Settings\Temporary Internet Files\ubobapym._sy
c:\documents and settings\Rick\Local Settings\Temporary Internet Files\vuzybawemi._dl
c:\documents and settings\Rick\My Documents\ZbThumbnail.info
c:\documents and settings\Rick\Uhaul .wps
c:\program files\Windows Police Pro
c:\program files\Windows Police Pro\msvcm80.dll
c:\program files\Windows Police Pro\msvcp80.dll
c:\program files\Windows Police Pro\msvcr80.dll
c:\program files\Windows Police Pro\tmp\dbsinit.exe
c:\program files\Windows Police Pro\tmp\images\i1.gif
c:\program files\Windows Police Pro\tmp\images\i2.gif
c:\program files\Windows Police Pro\tmp\images\i3.gif
c:\program files\Windows Police Pro\tmp\images\j1.gif
c:\program files\Windows Police Pro\tmp\images\j2.gif
c:\program files\Windows Police Pro\tmp\images\j3.gif
c:\program files\Windows Police Pro\tmp\images\jj1.gif
c:\program files\Windows Police Pro\tmp\images\jj2.gif
c:\program files\Windows Police Pro\tmp\images\jj3.gif
c:\program files\Windows Police Pro\tmp\images\l1.gif
c:\program files\Windows Police Pro\tmp\images\l2.gif
c:\program files\Windows Police Pro\tmp\images\l3.gif
c:\program files\Windows Police Pro\tmp\images\pix.gif
c:\program files\Windows Police Pro\tmp\images\t1.gif
c:\program files\Windows Police Pro\tmp\images\t2.gif
c:\program files\Windows Police Pro\tmp\images\up1.gif
c:\program files\Windows Police Pro\tmp\images\up2.gif
c:\program files\Windows Police Pro\tmp\images\w1.gif
c:\program files\Windows Police Pro\tmp\images\w11.gif
c:\program files\Windows Police Pro\tmp\images\w2.gif
c:\program files\Windows Police Pro\tmp\images\w3.gif
c:\program files\Windows Police Pro\tmp\images\w3.jpg
c:\program files\Windows Police Pro\tmp\images\wt1.gif
c:\program files\Windows Police Pro\tmp\images\wt2.gif
c:\program files\Windows Police Pro\tmp\images\wt3.gif
c:\program files\Windows Police Pro\tmp\wispex.html
c:\program files\Windows Police Pro\windows Police Pro.exe
c:\recycler\NPROTECT
c:\windows\asiboqi.exe
c:\windows\epikosuvyv.vbs
c:\windows\huborow.scr
c:\windows\nake.reg
c:\windows\okix.bat
c:\windows\ppp3.dat
c:\windows\ppp4.dat
c:\windows\system32\auprpbpa.ini
c:\windows\system32\bennuar.old
c:\windows\system32\bincd32.dat
c:\windows\system32\E95THK16.EXE
c:\windows\system32\encapi32.dll
c:\windows\system32\ewiqkywj.ini
c:\windows\SYSTEM32\ieHElpmod.dll
c:\windows\system32\isezit.reg
c:\windows\system32\nizoluw.sys
c:\windows\system32\onhelp.htm
c:\windows\SYSTEM32\qssru.bak1
c:\windows\SYSTEM32\qssru.bak2
c:\windows\SYSTEM32\qssru.ini
c:\windows\system32\rihamudoj.vbs
c:\windows\system32\SKYNETipgvitud.dat
c:\windows\system32\SKYNETirrfuirw.dat
c:\windows\system32\sonhelp.htm
c:\windows\system32\sysnet.dat
c:\windows\system32\wisdstr.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\tygyf.dl
c:\windows\vonozofyto.scr
c:\windows\yvamydu.pif

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ANTIPPRO2009_100
-------\Legacy_SKYNETwruwpuhr
-------\Legacy_UACd.sys
-------\Service_AntipPro2009_100
-------\Service_SKYNETwruwpuhr
-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-08-10 to 2009-09-10 )))))))))))))))))))))))))))))))
.

2009-09-10 14:55 . 2009-09-10 14:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-10 05:37 . 2009-09-10 05:37 13577 ----a-w- c:\windows\fukaxoki.com
2009-09-10 05:37 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-10 05:29 . 2009-09-10 05:39 -------- d-----w- c:\program files\AntivirusPro_2010
2009-09-10 05:19 . 2009-09-10 05:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-09-09 19:19 . 2009-09-09 19:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
2009-09-09 18:19 . 2009-09-09 18:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-09-09 18:10 . 2009-09-09 18:10 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-09-08 01:11 . 2009-09-08 01:11 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-09-06 03:56 . 2009-09-06 03:56 -------- d-----w- c:\documents and settings\Rick\Application Data\Safer Networking
2009-09-06 03:47 . 2009-09-10 15:17 -------- d-----w- c:\program files\KnightHop
2009-09-06 03:32 . 2009-09-06 03:35 -------- d-----w- c:\program files\Safer Networking
2009-09-04 12:39 . 2009-09-04 12:39 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-09-01 13:45 . 2009-09-01 13:45 -------- d-----w- c:\documents and settings\Rick\Local Settings\Application Data\Downloaded Installations
2009-08-29 01:11 . 2008-07-26 15:26 4658584 ----a-r- c:\windows\system32\drivers\lvuvc.sys
2009-08-29 01:11 . 2008-07-26 15:26 465432 ----a-r- c:\windows\system32\LVUI2RC.dll
2009-08-29 01:11 . 2008-07-26 15:26 41752 ----a-r- c:\windows\system32\drivers\LVUSBSta.sys
2009-08-29 01:11 . 2008-07-26 15:26 490008 ----a-r- c:\windows\system32\LVUI2.dll
2009-08-29 01:11 . 2008-07-26 15:23 195096 ----a-r- c:\windows\system32\lvci11801048.dll
2009-08-29 01:11 . 2008-07-26 15:23 416280 ----a-r- c:\windows\system32\lvcodec2.dll
2009-08-29 01:11 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-08-29 01:11 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-08-29 01:11 . 2008-07-26 15:26 23832 ----a-r- c:\windows\system32\drivers\lvuvcflt.sys
2009-08-29 00:58 . 2009-09-01 13:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2009-08-29 00:58 . 2009-08-29 01:11 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-08-29 00:58 . 2009-08-29 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2009-08-12 17:11 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-12 02:19 . 2009-08-12 02:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Borland
2009-08-11 22:33 . 2009-08-11 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-08-11 22:29 . 2009-08-11 22:29 -------- d-----w- c:\documents and settings\Owner\LOCALS~1

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-06 00:34 . 2009-01-25 19:49 -------- d-----w- c:\documents and settings\Rick\Application Data\skypePM
2009-09-05 22:33 . 2009-08-29 01:12 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-09-05 22:32 . 2009-08-29 01:11 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-09-04 03:04 . 2009-01-25 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-09-04 00:24 . 2009-08-11 14:42 -------- d-----w- c:\program files\TSC
2009-09-01 13:45 . 2005-12-12 23:14 -------- d-----w- c:\program files\Common Files\Logitech
2009-08-29 00:58 . 2005-12-12 23:14 -------- d-----w- c:\program files\Logitech
2009-08-16 19:50 . 2008-12-29 04:57 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-16 19:50 . 2008-12-29 04:56 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-16 19:50 . 2008-12-29 04:56 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-13 15:25 . 2009-06-12 18:53 -------- d-----w- c:\program files\Opera 10 Beta
2009-08-13 14:58 . 2009-01-24 00:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-12 02:55 . 2005-02-09 02:11 66864 ----a-w- c:\documents and settings\Rick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-11 14:42 . 2009-08-11 14:42 -------- d-----w- c:\program files\Common Files\TSCUninstall
2009-08-05 09:01 . 2004-08-04 10:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 02:09 . 2005-12-26 00:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-24 04:08 . 2004-10-06 03:40 -------- d-----w- c:\program files\MUSICMATCH
2009-07-24 04:08 . 2004-10-06 03:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-24 03:09 . 2009-07-24 03:09 -------- d-----w- c:\documents and settings\Rick\Application Data\Amazon
2009-07-24 03:06 . 2009-07-24 03:06 -------- d-----w- c:\program files\Amazon
2009-07-22 11:58 . 2009-07-22 02:34 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-22 02:34 . 2009-07-22 02:34 -------- d-----w- c:\program files\NOS
2009-07-17 19:01 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 16:21 . 2004-08-04 10:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-04 10:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2004-08-04 10:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 10:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 10:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 10:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 10:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 10:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 10:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-17 15:27 . 2009-06-18 23:23 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2009-06-18 23:23 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-16 14:36 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2005-11-23 01:08 . 2005-10-02 12:58 848 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-02-02 155648]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2004-05-12 249856]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-16 2007832]
"F5D7050v3"="c:\program files\Belkin\F5D7050v3\Belkinwcui.exe" [2007-10-31 1654784]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2003-11-19 88363]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-11-07 19968]

c:\documents and settings\Rick\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2005-2-8 233472]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2009-3-20 118784]
Utility Tray.lnk - c:\windows\SYSTEM32\sistray.exe [2004-10-5 335872]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-16 19:50 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1135649015\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1135649015\\ee\\aim6.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [12/29/2008 12:56 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [12/29/2008 12:56 AM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [12/29/2008 12:55 AM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12/29/2008 12:55 AM 297752]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
FF - ProfilePath - c:\documents and settings\Rick\Application Data\Mozilla\Firefox\Profiles\ziv3fga5.default\
FF - prefs.js: browser.startup.homepage - hxxp://us.mc838.mail.yahoo.com/mc/welcome?action=&YY=1714853569&ymv=0&noFlush&mcrumb=Fke9xVmcaVv#_pg=showFolder&fid=Inbox&order=down&tt=7&pSize=25&ymv=0&.rand=1491067721&.jsrand=8429800
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKLM-Run-PCMService - c:\program files\Dell\Media Experience\PCMService.exe
HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe
Notify-urssq - c:\windows\system32\urssq.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-10 13:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(636)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\SYSTEM32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-09-10 13:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-10 17:37

Pre-Run: 25,879,330,816 bytes free
Post-Run: 26,435,260,416 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=30

326 --- E O F --- 2009-09-10 07:09
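The ComboFix log above is where an analyst would start: the firewall policy is switched off (EnableFirewall = 0), a Winlogon Notify package (urssq.dll) was removed as an orphan, and the Run keys need to be read one by one. The script below is an added example for readers of this thread, not code from the thread, from ComboFix, Spybot or Malwarebytes. It parses the "Reg Loading Points" layout ComboFix prints and flags the items worth looking at first. The sample input is constructed in that format; the "updater" Run value in it is hypothetical and is there only to exercise the path checks, everything else mirrors entries from the log.

```python
# Added example: triage of a ComboFix "Reg Loading Points" dump.
# Not code from the thread or from ComboFix; the sample log is constructed.
import re
from dataclasses import dataclass

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# "Name"="c:\path\file.exe" [2009-08-16 2007832]   or   "EnableFirewall"= 0 (0x0)
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.*)$')
QUOTED_RE = re.compile(r'^"(?P<path>[^"]*)"')
# Winlogon\Notify keys list their DLL as a file line: date time size attrs path
FILE_RE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d\s+\d+\s+\S+\s+(?P<path>.+)$')
# Orphans section: "HKCU-Run-Aim6 - (no file)", "Notify-urssq - c:\...\urssq.dll"
ORPHAN_RE = re.compile(r'^(?P<entry>[A-Za-z]+-[^ ]+) - (?P<target>.+)$')

SUSPICIOUS_EXT = {'.com', '.lib', '.dat', '.tmp', '.pif', '.scr'}
TEMP_MARKERS = ('\\local settings\\temp', '\\windows\\temp', '\\temp\\')

# Constructed sample in the posted format. "updater" is hypothetical (it is
# not on the page); the other entries mirror the ComboFix log in the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-02-02 155648]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2003-11-19 88363]
"updater"="c:\windows\temp\updater.com" [2009-09-10 13577]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-16 19:50 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
Notify-urssq - c:\windows\system32\urssq.dll
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # 'high' | 'medium' | 'info'
    where: str     # registry key, or 'orphans'
    item: str      # value name or orphan entry
    reason: str


def _path_findings(key, name, path):
    """Checks on one autorun target: odd extension, temp folder, bare filename."""
    p = path.lower()
    fname = p.rsplit('\\', 1)[-1]
    ext = fname[fname.rfind('.'):] if '.' in fname else ''
    out = []
    if ext in SUSPICIOUS_EXT:
        out.append(Finding('high', key, name, f'unusual extension {ext}: {path}'))
    if any(m in p for m in TEMP_MARKERS):
        out.append(Finding('high', key, name, f'target in a temp folder: {path}'))
    if '\\' not in p:
        out.append(Finding('medium', key, name, f'bare filename, resolved via search path: {path}'))
    return out


def triage(log_text):
    """Walk a ComboFix 'Reg Loading Points' dump and return Finding objects."""
    findings, key, in_orphans = [], '', False
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if 'ORPHANS REMOVED' in line:
            in_orphans = True
            continue
        if line.startswith('****'):          # next ComboFix section (catchme etc.)
            in_orphans = False
            continue
        if in_orphans:
            m = ORPHAN_RE.match(line)
            if m:
                # A removed Winlogon Notify package is a classic rootkit/rogue hook.
                sev = 'high' if m.group('entry').lower().startswith('notify-') else 'info'
                findings.append(Finding(sev, 'orphans', m.group('entry'),
                                        'removed orphan -> ' + m.group('target')))
            continue
        km = KEY_RE.match(line)
        if km:
            key = km.group('key')
            continue
        lk = key.lower()
        vm = VAL_RE.match(line)
        if vm:
            name, raw = vm.group('name'), vm.group('raw')
            if 'firewallpolicy' in lk and name.lower() == 'enablefirewall' and raw.startswith('0'):
                findings.append(Finding('high', key, name, 'Windows Firewall disabled by policy'))
            qm = QUOTED_RE.match(raw)
            if qm and '\\run' in lk:
                findings.extend(_path_findings(key, name, qm.group('path')))
            continue
        fm = FILE_RE.match(line)
        if fm and 'winlogon\\notify' in lk:
            path = fm.group('path').lower()
            if not (path.startswith('c:\\windows\\system32\\') and path.endswith('.dll')):
                findings.append(Finding('medium', key, key.rsplit('\\', 1)[-1],
                                        'Notify DLL outside system32: ' + fm.group('path')))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'[{f.severity:6}] {f.item}: {f.reason}')
```

Run it against a saved ComboFix.txt by passing the file contents to triage(). It is a reading aid, not a verdict: a bare filename in a Run value (AGRSMMSG.exe here) is only rated medium because ComboFix already shows where it resolved, and the firewall-disabled and Notify-orphan findings are the ones that match what Malwarebytes later reported in this thread.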

Blade81
2009-09-10, 20:59
Shall wait for Malwarebytes' Anti-Malware report & fresh dds log before giving further instructions :)

Smithbro
2009-09-10, 23:55
Malwarebytes' Anti-Malware 1.38
Database version: 2306
Windows 5.1.2600 Service Pack 3

9/10/2009 5:29:49 PM
mbam-log-2009-09-10 (17-29-34).txt

Scan type: Full Scan (C:\|)
Objects scanned: 138993
Time elapsed: 1 hour(s), 17 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> No action taken.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP2\A0001006.dll (Trojan.TDSS) -> No action taken.

DDS (Ver_09-07-30.01) - NTFSx86
Run by Rick at 17:49:18.95 on Thu 09/10/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.445.106 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\Logi_MwX.Exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\WINDOWS\SYSTEM32\sistray.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Rick\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: {76DC0B63-1533-4ba9-8BE8-D59EB676FA02} - No File
BHO: {BF56A325-23F2-42AD-F4E4-00AAC39CAA53} - No File
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
mRun: [SiS Windows KeyHook] c:\windows\system32\keyhook.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [F5D7050v3] c:\program files\belkin\f5d7050v3\Belkinwcui.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
StartupFolder: c:\documents and settings\rick\start menu\programs\startup\PowerReg Scheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\utilit~1.lnk - c:\windows\system32\sistray.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\rick\applic~1\mozilla\firefox\profiles\ziv3fga5.default\
FF - prefs.js: browser.startup.homepage - hxxp://us.mc838.mail.yahoo.com/mc/welcome?action=&YY=1714853569&ymv=0&noFlush&mcrumb=Fke9xVmcaVv#_pg=showFolder&fid=Inbox&order=down&tt=7&pSize=25&ymv=0&.rand=1491067721&.jsrand=8429800
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPOJI610.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-29 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-29 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-29 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-12-29 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-29 297752]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getplus_helpersvc.exe --> c:\program files\nos\bin\getPlus_HelperSvc.exe [?]

=============== Created Last 30 ================

2009-09-10 13:15 <DIR> a-dshr-- C:\cmdcons
2009-09-10 13:14 230,912 a------- c:\windows\PEV.exe
2009-09-10 13:14 161,792 a------- c:\windows\SWREG.exe
2009-09-10 13:14 98,816 a------- c:\windows\sed.exe
2009-09-10 03:08 671 a------- c:\windows\system32\MRT.INI
2009-09-10 01:37 17,869 a------- c:\windows\ymate.lib
2009-09-10 01:37 15,610 a------- c:\windows\system32\abywaduk.lib
2009-09-10 01:37 13,577 a------- c:\windows\fukaxoki.com
2009-09-10 01:37 153,088 -------- c:\windows\system32\dllcache\triedit.dll
2009-09-10 01:29 <DIR> --d----- c:\program files\AntivirusPro_2010
2009-09-05 23:56 <DIR> --d----- c:\docume~1\rick\applic~1\Safer Networking
2009-09-05 23:47 <DIR> --d----- c:\program files\KnightHop
2009-09-05 23:32 <DIR> --d----- c:\program files\Safer Networking
2009-08-28 21:11 4,658,584 a----r-- c:\windows\system32\drivers\lvuvc.sys
2009-08-12 13:11 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
2009-08-12 13:11 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-08-11 22:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Borland

==================== Find3M ====================

2009-09-05 18:33 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-09-05 18:32 0 a------- c:\windows\system32\drivers\logiflt.iad
2009-08-16 15:50 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-16 15:50 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 05:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 09:18 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 15:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-12 12:21 233,472 a------- c:\windows\system32\wmpdxm.dll
2009-07-12 12:21 4,874,240 -------- c:\windows\system32\dllcache\wmp.dll
2009-07-12 12:21 233,472 -------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-03 13:09 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 13:09 915,456 -------- c:\windows\system32\wininet.dll
2009-07-03 13:09 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-07-03 13:09 1,208,832 a------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 13:09 206,848 -------- c:\windows\system32\dllcache\occache.dll
2009-07-03 13:09 594,432 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 13:09 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 13:09 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 13:09 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 13:09 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-07-03 13:09 184,320 -------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 13:09 386,048 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 07:01 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-25 04:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 04:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 04:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 04:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 04:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 04:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-25 04:25 730,112 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-06-25 04:25 301,568 -------- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 04:25 147,456 -------- c:\windows\system32\dllcache\schannel.dll
2009-06-25 04:25 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-06-25 04:25 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2009-06-25 04:25 54,272 -------- c:\windows\system32\dllcache\wdigest.dll
2009-06-24 07:18 92,928 -------- c:\windows\system32\dllcache\ksecdd.sys
2009-06-22 02:44 726,528 a------- c:\windows\system32\dllcache\jscript.dll
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 10:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 10:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2005-11-22 21:08 848 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 17:50:36.21 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 2/9/2005 4:15:02 AM
System Uptime: 9/10/2009 5:36:06 PM (0 hours ago)

Motherboard: Quanta Computer | | Inspiron 1000
Processor: Mobile Intel(R) Celeron(R) CPU 2.20GHz | Socket 478/423 | 2191/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 35 GiB total, 24.641 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 9/10/2009 2:01:02 AM - System Checkpoint
RP2: 9/10/2009 3:00:23 AM - Software Distribution Service 3.0

==== Installed Programs ======================

Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Agere Systems AC'97 Modem
ALPS Touch Pad Driver
Amazon MP3 Downloader 1.0.5
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
AVG Free 8.5
Belkin 54g USB Network Adapter
Belkin 54Mbps Wireless Network Adapter
Bonjour
BroadJump Client Foundation
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon i850
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator 2.0
Canon MP450
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Dell Digital Jukebox Driver
Dell System Restore
Easy-WebPrint
Get High Speed Internet!
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
HP Diagnostic Assistant
Internet Explorer Default Page
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_03
Learn2 Player (Uninstall Only)
Logitech MouseWare 9.79
Logitech QuickCam
Logitech QuickCam Driver Package
Logitech Updater
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Publisher for Windows 95
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 4.0
Modem Helper
Modem on Hold
Motorola Driver Installation 3.7.0
Motorola Phone Tools
Motorola Software Update
Mozilla Firefox (3.0.14)
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Olympus Digital Wave Player
Overland
Palm Desktop
PowerDVD 5.1
QuickBooks Pro Edition 2003
QuickTime
RealPlayer Basic
RegAlyzer
RunAlyzer
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Shockwave
SiS 900 PCI Fast Ethernet Adapter Driver
SiS VGA Utilities
Spybot - Search & Destroy
TweetDeck
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Viewpoint Media Player
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Police Pro
Windows XP Service Pack 3
WordPerfect Office 12

==== Event Viewer Messages From Past Week ========

9/7/2009 12:37:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
9/7/2009 11:17:13 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm
9/7/2009 11:05:56 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
9/7/2009 11:05:56 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2009 11:05:56 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2009 11:05:56 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2009 11:05:56 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2009 11:05:56 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2009 11:05:56 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2009 11:05:29 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
9/7/2009 11:05:17 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/5/2009 8:45:00 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
9/5/2009 8:40:43 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: %%2147952506
9/5/2009 6:33:23 PM, error: Service Control Manager [7024] - The Bonjour Service service terminated with service-specific error 4294967295 (0xFFFFFFFF).
9/5/2009 6:33:23 PM, error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error 2147952506 (0x8007277A).
9/5/2009 6:33:23 PM, error: Service Control Manager [7001] - The Canon Camera Access Library 8 service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/10/2009 11:06:59 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 Beep cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
9/10/2009 11:04:29 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
9/10/2009 1:31:06 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
9/10/2009 1:23:07 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVG Free8 E-mail Scanner service to connect.
9/10/2009 1:23:07 AM, error: Service Control Manager [7000] - The AVG Free8 E-mail Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/10/2009 1:23:07 AM, error: Service Control Manager [7000] - The AntipyProex service failed to start due to the following error: The system cannot find the file specified.
9/10/2009 1:16:49 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
9/10/2009 1:13:42 PM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================

Smithbro
2009-09-11, 00:01
Thanks Blade for your help! Question: Am I supposed to delete and dump the infected files when Malwarebytes finds them (I have been doing this)? AVG has also been popping up with its Resident Shield too with infections (dumped that too)... The posted logs shown are after above processes. ;-)

Blade81
2009-09-11, 10:15
Question: Am I supposed to delete and dump the infected files when Malwarebytes finds them (I have been doing this)?
Yes.

Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
Run Spybot-S&D in Advanced Mode. If it is not already set to do this, go to the Mode menu and select Advanced Mode.

On the left hand side, click on Tools.
Then click on the Resident icon in the list.
Uncheck Resident TeaTimer and OK any prompts.
Restart your computer.

Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\fukaxoki.com
Folder::
c:\program files\TSC
c:\program files\Common Files\TSCUninstall
DDS::
uURLSearchHooks: H - No File
BHO: {76DC0B63-1533-4ba9-8BE8-D59EB676FA02} - No File
BHO: {BF56A325-23F2-42AD-F4E4-00AAC39CAA53} - No File
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe.
Then post the resultant log.


ComboFix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager (press Ctrl, Alt and Del at the same time), go to the Processes tab and end any findstr, find, sed or swreg processes; then ComboFix should continue.
If that happened we want to know, and also what process you had to end.


Uninstall old Adobe Reader versions and get the latest one (9.1 + updates 9.1.2 & 9.1.3) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here (http://pdfreaders.org/).


Uninstall Shockwave and get the fresh one here (http://get.adobe.com/shockwave/) if needed.

Check here (http://www.adobe.com/software/flash/about/) to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following the instructions here (http://kb2.adobe.com/cps/141/tn_14157.html). A fresh version can be obtained here (http://get.adobe.com/flashplayer/).


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 16 (http://java.sun.com/javase/downloads/index.jsp).
Click the Download button to the right.
Select Windows in the platform combobox and check the box that says Accept License Agreement. Click Continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
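
A defender-side helper for the DDS step above, added here as an example; it is not part of Blade81's instructions and not ComboFix's or DDS's own code. It reads the "Pseudo HJT Report" lines of a DDS log, picks out the BHO, toolbar and URL-search-hook registrations that DDS marks "- No File" (orphaned entries whose DLL is gone, the kind listed under DDS:: in the script above), and renders them in that DDS:: layout so they can be checked against what a helper proposes to remove. The sample lines are constructed in the shape of the log, and the function names are mine.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example; not from the thread and not ComboFix's or DDS's code.
It lists orphaned browser-extension registrations (entries whose DLL
no longer exists, which DDS prints as '- No File') and renders them
as a DDS:: block in the CFScript layout used in the thread.
"""
import re
from typing import Dict, List

# Entry kinds that the DDS:: section of a CFScript may list (as used above).
ORPHAN_KINDS = ("BHO", "TB", "uURLSearchHooks", "mURLSearchHooks")

# Constructed sample, shaped like the DDS lines in the thread.
SAMPLE_DDS = """\
uStart Page = hxxp://www.google.com
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\\program files\\avg\\avg8\\toolbar\\IEToolbar.dll
BHO: {76DC0B63-1533-4ba9-8BE8-D59EB676FA02} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\\program files\\common files\\adobe\\acrobat\\activex\\AcroIEHelperShim.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\\program files\\avg\\avg8\\toolbar\\IEToolbar.dll
mRun: [AVG8_TRAY] c:\\progra~1\\avg\\avg8\\avgtray.exe
"""

# "<kind>: <anything> - No File", tolerating trailing whitespace.
ORPHAN_RE = re.compile(
    r"^(?P<kind>[A-Za-z]+):\s+(?P<body>.+?)\s+-\s+No File\s*$"
)


def find_orphans(dds_text: str) -> List[str]:
    """Return the DDS lines (stripped) that describe orphaned entries."""
    found = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        m = ORPHAN_RE.match(line)
        if m and m.group("kind") in ORPHAN_KINDS:
            found.append(line)
    return found


def count_by_kind(orphans: List[str]) -> Dict[str, int]:
    """Summarise orphans per entry kind, e.g. {'BHO': 1, 'TB': 1}."""
    counts: Dict[str, int] = {}
    for line in orphans:
        kind = line.split(":", 1)[0]
        counts[kind] = counts.get(kind, 0) + 1
    return counts


def dds_section(dds_text: str) -> str:
    """Render the orphans as a 'DDS::' block in the CFScript layout.

    Returns an empty string when there is nothing to list, so a caller
    never emits an empty section.
    """
    orphans = find_orphans(dds_text)
    if not orphans:
        return ""
    return "DDS::\n" + "\n".join(orphans) + "\n"


if __name__ == "__main__":
    print(dds_section(SAMPLE_DDS), end="")
    print(count_by_kind(find_orphans(SAMPLE_DDS)))
```

Only entries that literally end in "No File" are selected; an entry that still points at an existing DLL (the AVG toolbar lines in the sample) is left alone, which is the same distinction the script above makes.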

Smithbro
2009-09-12, 20:57
Note: ComboFix did take right at 21 minutes to reboot (fingers started tapping), then another 8 or so minutes to post the log.
Also, a new version of ComboFix window came up and I closed it without installing it.
After removing and installing new software, I cannot locate the Combo file.... For some reason I may have not saved it correctly, I apologize. Be happy to run a new CF if you need.
Still have Virus Pro shortcut on desktop and in program list.
I think that's about it......

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, September 12, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, September 12, 2009 04:56:46
Records in database: 2782556
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 65520
Threats found: 5
Infected objects found: 5
Suspicious objects found: 0
Scan duration: 03:48:08


File name / Threat / Threats count
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\27FA1E44 Infected: not-a-virus:AdWare.Win32.Virtumonde.gen 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\530D2002 Infected: not-a-virus:AdWare.Win32.Virtumonde.quj 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\710F37D9 Infected: Trojan.Win32.BHO.hj 1
C:\Qoobox\Quarantine\C\Program Files\Windows Police Pro\windows Police Pro.exe.vir Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.kn 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\wisdstr.exe.vir Infected: Trojan-Downloader.Win32.FraudLoad.fmd 1

Selected area has been scanned.

DDS (Ver_09-07-30.01) - NTFSx86
Run by Rick at 14:43:26.51 on Sat 09/12/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.445.55 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\Logi_MwX.Exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\WINDOWS\SYSTEM32\sistray.exe
C:\Sun\SDK\jdk\bin\javaw.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Documents and Settings\Rick\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SiS Windows KeyHook] c:\windows\system32\keyhook.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [F5D7050v3] c:\program files\belkin\f5d7050v3\Belkinwcui.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\documents and settings\rick\start menu\programs\startup\PowerReg Scheduler.exe
StartupFolder: c:\docume~1\rick\startm~1\programs\startup\sdktra~1.lnk - c:\sun\sdk\jdk\bin\javaw.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\utilit~1.lnk - c:\windows\system32\sistray.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\rick\applic~1\mozilla\firefox\profiles\ziv3fga5.default\
FF - prefs.js: browser.startup.homepage - hxxp://us.mc838.mail.yahoo.com/mc/welcome?action=&YY=1714853569&ymv=0&noFlush&mcrumb=Fke9xVmcaVv#_pg=showFolder&fid=Inbox&order=down&tt=7&pSize=25&ymv=0&.rand=1491067721&.jsrand=8429800
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\rick\application data\mozilla\firefox\profiles\ziv3fga5.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-29 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-29 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-29 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-12-29 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-29 297752]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-4 14336]

=============== Created Last 30 ================

2009-09-11 22:34 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-11 22:34 73,728 a------- c:\windows\system32\javacpl.cpl
2009-09-11 21:32 23,108 a------- c:\windows\system32\productregistry
2009-09-11 21:29 <DIR> --d----- C:\Sun
2009-09-10 13:15 <DIR> a-dshr-- C:\cmdcons
2009-09-10 13:14 230,912 a------- c:\windows\PEV.exe
2009-09-10 13:14 161,792 a------- c:\windows\SWREG.exe
2009-09-10 13:14 98,816 a------- c:\windows\sed.exe
2009-09-10 03:08 671 a------- c:\windows\system32\MRT.INI
2009-09-10 01:37 17,869 a------- c:\windows\ymate.lib
2009-09-10 01:37 15,610 a------- c:\windows\system32\abywaduk.lib
2009-09-10 01:37 153,088 -------- c:\windows\system32\dllcache\triedit.dll
2009-09-10 01:29 <DIR> --d----- c:\program files\AntivirusPro_2010
2009-09-05 23:56 <DIR> --d----- c:\docume~1\rick\applic~1\Safer Networking
2009-09-05 23:47 <DIR> --d----- c:\program files\KnightHop
2009-09-05 23:32 <DIR> --d----- c:\program files\Safer Networking
2009-08-28 21:11 4,658,584 a----r-- c:\windows\system32\drivers\lvuvc.sys

==================== Find3M ====================

2009-09-05 18:33 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-09-05 18:32 0 a------- c:\windows\system32\drivers\logiflt.iad
2009-08-16 15:50 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-16 15:50 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 05:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 09:18 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 15:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-12 12:21 233,472 a------- c:\windows\system32\wmpdxm.dll
2009-07-12 12:21 4,874,240 -------- c:\windows\system32\dllcache\wmp.dll
2009-07-12 12:21 233,472 -------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-10 09:27 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-07-03 13:09 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 13:09 915,456 -------- c:\windows\system32\wininet.dll
2009-07-03 13:09 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-07-03 13:09 1,208,832 a------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 13:09 206,848 -------- c:\windows\system32\dllcache\occache.dll
2009-07-03 13:09 594,432 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 13:09 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 13:09 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 13:09 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 13:09 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-07-03 13:09 184,320 -------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 13:09 386,048 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 07:01 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-25 04:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 04:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 04:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 04:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 04:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 04:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-25 04:25 730,112 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-06-25 04:25 301,568 -------- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 04:25 147,456 -------- c:\windows\system32\dllcache\schannel.dll
2009-06-25 04:25 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-06-25 04:25 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2009-06-25 04:25 54,272 -------- c:\windows\system32\dllcache\wdigest.dll
2009-06-24 07:18 92,928 -------- c:\windows\system32\dllcache\ksecdd.sys
2009-06-22 02:44 726,528 a------- c:\windows\system32\dllcache\jscript.dll
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 10:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 10:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2005-11-22 21:08 848 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 14:44:44.50 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 2/9/2005 4:15:02 AM
System Uptime: 9/11/2009 10:38:55 PM (16 hours ago)

Motherboard: Quanta Computer | | Inspiron 1000
Processor: Mobile Intel(R) Celeron(R) CPU 2.20GHz | Socket 478/423 | 2191/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 35 GiB total, 23.514 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 9/10/2009 2:01:02 AM - System Checkpoint
RP2: 9/10/2009 3:00:23 AM - Software Distribution Service 3.0
RP3: 9/11/2009 5:17:29 PM - Removed Adobe Reader 7.0
RP4: 9/11/2009 5:38:41 PM - Installed Adobe Reader 9.1.
RP5: 9/11/2009 9:19:47 PM - Removed Java 2 Runtime Environment, SE v1.4.2_03
RP6: 9/11/2009 10:33:18 PM - Installed Java(TM) 6 Update 14
RP7: 9/11/2009 10:52:41 PM - Installed Java(TM) 6 Update 15

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.3
Agere Systems AC'97 Modem
ALPS Touch Pad Driver
Amazon MP3 Downloader 1.0.5
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
AVG Free 8.5
Belkin 54g USB Network Adapter
Belkin 54Mbps Wireless Network Adapter
Bonjour
BroadJump Client Foundation
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon i850
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator 2.0
Canon MP450
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Dell Digital Jukebox Driver
Dell System Restore
Easy-WebPrint
Get High Speed Internet!
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
HP Diagnostic Assistant
Internet Explorer Default Page
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java Platform, Enterprise Edition 5 SDK
Java(TM) 6 Update 15
Learn2 Player (Uninstall Only)
Logitech MouseWare 9.79
Logitech QuickCam
Logitech QuickCam Driver Package
Logitech Updater
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Publisher for Windows 95
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 4.0
Modem Helper
Modem on Hold
Motorola Driver Installation 3.7.0
Motorola Phone Tools
Motorola Software Update
Mozilla Firefox (3.0.14)
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Olympus Digital Wave Player
Overland
Palm Desktop
PowerDVD 5.1
QuickBooks Pro Edition 2003
QuickTime
RealPlayer Basic
RegAlyzer
RunAlyzer
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
SiS 900 PCI Fast Ethernet Adapter Driver
SiS VGA Utilities
Spybot - Search & Destroy
TweetDeck
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Viewpoint Media Player
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Police Pro
Windows XP Service Pack 3
WordPerfect Office 12

==== Event Viewer Messages From Past Week ========

9/7/2009 12:37:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
9/7/2009 11:17:13 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm
9/7/2009 11:05:56 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
9/7/2009 11:05:56 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2009 11:05:56 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2009 11:05:56 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2009 11:05:56 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2009 11:05:56 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2009 11:05:56 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2009 11:05:29 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
9/7/2009 11:05:17 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/5/2009 8:45:27 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
9/5/2009 8:40:43 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: %%2147952506
9/5/2009 6:33:23 PM, error: Service Control Manager [7024] - The Bonjour Service service terminated with service-specific error 4294967295 (0xFFFFFFFF).
9/5/2009 6:33:23 PM, error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error 2147952506 (0x8007277A).
9/5/2009 6:33:23 PM, error: Service Control Manager [7001] - The Canon Camera Access Library 8 service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/11/2009 5:01:34 PM, error: Service Control Manager [7022] - The Process Monitor service hung on starting.
9/10/2009 11:06:59 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 Beep cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
9/10/2009 11:04:29 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
9/10/2009 1:31:06 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
9/10/2009 1:23:07 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVG Free8 E-mail Scanner service to connect.
9/10/2009 1:23:07 AM, error: Service Control Manager [7000] - The AVG Free8 E-mail Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/10/2009 1:23:07 AM, error: Service Control Manager [7000] - The AntipyProex service failed to start due to the following error: The system cannot find the file specified.
9/10/2009 1:16:49 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
9/10/2009 1:13:42 PM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================

May not be able to get back to you til tomorrow, football game tonight.
Thanks again for your patience.
Rick

Blade81
2009-09-13, 10:05
Hi Rick,

If you can't find new ComboFix.txt log file then run ComboFix again (let it update itself too).

Smithbro
2009-09-13, 22:08
ComboFix 09-09-13.04 - Rick 09/13/2009 15:19.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.445.143 [GMT -4:00]
Running from: c:\documents and settings\Rick\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Rick\Desktop\AntivirusPro_2010.lnk
c:\documents and settings\Rick\Local Settings\Application Data\qisu._sy
c:\documents and settings\Rick\Start Menu\Programs\AntivirusPro_2010
c:\documents and settings\Rick\Start Menu\Programs\AntivirusPro_2010\AntivirusPro_2010.lnk
c:\documents and settings\Rick\Start Menu\Programs\AntivirusPro_2010\Uninstall.lnk
c:\program files\AntivirusPro_2010
c:\program files\AntivirusPro_2010\AntivirusPro_2010.cfg
c:\program files\AntivirusPro_2010\AVEngn.dll
c:\program files\AntivirusPro_2010\data\daily.cvd
c:\program files\AntivirusPro_2010\htmlayout.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcm80.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcp80.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcr80.dll
c:\program files\AntivirusPro_2010\pthreadVC2.dll
c:\program files\AntivirusPro_2010\wscui.cpl
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2009-08-13 to 2009-09-13 )))))))))))))))))))))))))))))))
.

2009-09-12 02:34 . 2009-07-25 09:23 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-12 01:29 . 2009-09-12 01:29 -------- d-----w- C:\Sun
2009-09-10 14:55 . 2009-09-10 14:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-10 05:37 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-10 05:19 . 2009-09-10 05:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-09-09 19:19 . 2009-09-09 19:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
2009-09-09 18:19 . 2009-09-09 18:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-09-09 18:10 . 2009-09-09 18:10 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-09-08 01:11 . 2009-09-08 01:11 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-09-06 03:56 . 2009-09-06 03:56 -------- d-----w- c:\documents and settings\Rick\Application Data\Safer Networking
2009-09-06 03:47 . 2009-09-10 15:17 -------- d-----w- c:\program files\KnightHop
2009-09-06 03:32 . 2009-09-06 03:35 -------- d-----w- c:\program files\Safer Networking
2009-09-04 12:39 . 2009-09-04 12:39 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-09-01 13:45 . 2009-09-01 13:45 -------- d-----w- c:\documents and settings\Rick\Local Settings\Application Data\Downloaded Installations
2009-08-29 01:11 . 2008-07-26 15:26 4658584 ----a-r- c:\windows\system32\drivers\lvuvc.sys
2009-08-29 01:11 . 2008-07-26 15:26 465432 ----a-r- c:\windows\system32\LVUI2RC.dll
2009-08-29 01:11 . 2008-07-26 15:26 41752 ----a-r- c:\windows\system32\drivers\LVUSBSta.sys
2009-08-29 01:11 . 2008-07-26 15:26 490008 ----a-r- c:\windows\system32\LVUI2.dll
2009-08-29 01:11 . 2008-07-26 15:23 195096 ----a-r- c:\windows\system32\lvci11801048.dll
2009-08-29 01:11 . 2008-07-26 15:23 416280 ----a-r- c:\windows\system32\lvcodec2.dll
2009-08-29 01:11 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-08-29 01:11 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-08-29 01:11 . 2008-07-26 15:26 23832 ----a-r- c:\windows\system32\drivers\lvuvcflt.sys
2009-08-29 00:58 . 2009-09-01 13:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2009-08-29 00:58 . 2009-08-29 01:11 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-08-29 00:58 . 2009-08-29 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-12 02:53 . 2004-10-06 03:30 -------- d-----w- c:\program files\Java
2009-09-11 21:40 . 2005-02-09 03:42 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-11 21:26 . 2009-07-22 02:34 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-11 21:24 . 2009-07-22 02:34 -------- d-----w- c:\program files\NOS
2009-09-10 17:50 . 2005-02-09 02:11 64848 ----a-w- c:\documents and settings\Rick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-06 00:34 . 2009-01-25 19:49 -------- d-----w- c:\documents and settings\Rick\Application Data\skypePM
2009-09-05 22:33 . 2009-08-29 01:12 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-09-05 22:32 . 2009-08-29 01:11 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-09-04 03:04 . 2009-01-25 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-09-01 13:45 . 2005-12-12 23:14 -------- d-----w- c:\program files\Common Files\Logitech
2009-08-29 00:58 . 2005-12-12 23:14 -------- d-----w- c:\program files\Logitech
2009-08-16 19:50 . 2008-12-29 04:57 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-16 19:50 . 2008-12-29 04:56 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-16 19:50 . 2008-12-29 04:56 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-13 15:25 . 2009-06-12 18:53 -------- d-----w- c:\program files\Opera 10 Beta
2009-08-13 14:58 . 2009-01-24 00:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-12 02:21 . 2009-08-12 02:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Borland
2009-08-11 22:33 . 2009-08-11 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-08-05 09:01 . 2004-08-04 10:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 02:09 . 2005-12-26 00:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-24 04:08 . 2004-10-06 03:40 -------- d-----w- c:\program files\MUSICMATCH
2009-07-24 04:08 . 2004-10-06 03:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-24 03:09 . 2009-07-24 03:09 -------- d-----w- c:\documents and settings\Rick\Application Data\Amazon
2009-07-24 03:06 . 2009-07-24 03:06 -------- d-----w- c:\program files\Amazon
2009-07-17 19:01 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 16:21 . 2004-08-04 10:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-04 10:00 915456 ------w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2004-08-04 10:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 10:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 10:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 10:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 10:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 10:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 10:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-17 15:27 . 2009-06-18 23:23 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2009-06-18 23:23 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-16 14:36 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2005-11-23 01:08 . 2005-10-02 12:58 848 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-09-10_17.31.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-13 19:45 . 2009-09-13 19:45 16384 c:\windows\temp\Perflib_Perfdata_204.dat
+ 2009-09-11 22:28 . 2009-09-11 22:28 85173 c:\windows\SYSTEM32\Macromed\Flash\uninstall_plugin.exe
+ 2009-09-11 21:32 . 2009-09-11 21:32 20480 c:\windows\Installer\1e1e48.msi
+ 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\SYSTEM32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-09-12 02:53 . 2009-07-25 09:23 149280 c:\windows\SYSTEM32\javaws.exe
+ 2009-09-12 02:53 . 2009-07-25 09:23 145184 c:\windows\SYSTEM32\javaw.exe
+ 2009-09-12 02:53 . 2009-07-25 09:23 145184 c:\windows\SYSTEM32\java.exe
+ 2009-09-12 02:33 . 2009-09-12 02:33 536576 c:\windows\Installer\410836.msi
+ 2009-01-18 20:05 . 2009-01-18 20:05 675840 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\JP2KLib.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\SYSTEM32\Macromed\Flash\NPSWF32.dll
+ 2009-09-11 21:50 . 2009-09-11 21:50 1697792 c:\windows\Installer\1e1e7f.msp
+ 2009-09-11 21:46 . 2009-09-11 21:46 6653952 c:\windows\Installer\1e1e71.msp
+ 2009-09-11 21:41 . 2009-09-11 21:41 3938816 c:\windows\Installer\1e1e4d.msi
+ 2008-12-18 20:48 . 2008-12-18 20:48 3645440 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\authplay.dll
+ 2009-02-27 20:37 . 2009-02-27 20:37 20403568 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\AcroRd32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-02-02 155648]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2004-05-12 249856]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-16 2007832]
"F5D7050v3"="c:\program files\Belkin\F5D7050v3\Belkinwcui.exe" [2007-10-31 1654784]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2003-11-19 88363]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-11-07 19968]

c:\documents and settings\Rick\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2005-2-8 233472]
SDK Tray Menu.lnk - c:\sun\SDK\jdk\bin\javaw.exe [2009-9-11 139264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2009-3-20 118784]
Utility Tray.lnk - c:\windows\SYSTEM32\sistray.exe [2004-10-5 335872]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-16 19:50 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urssq]
[BU]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1135649015\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1135649015\\ee\\aim6.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [12/29/2008 12:56 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [12/29/2008 12:56 AM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [12/29/2008 12:55 AM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12/29/2008 12:55 AM 297752]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [8/4/2004 6:00 AM 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
FF - ProfilePath - c:\documents and settings\Rick\Application Data\Mozilla\Firefox\Profiles\ziv3fga5.default\
FF - prefs.js: browser.startup.homepage - hxxp://us.mc838.mail.yahoo.com/mc/welcome?action=&YY=1714853569&ymv=0&noFlush&mcrumb=Fke9xVmcaVv#_pg=showFolder&fid=Inbox&order=down&tt=7&pSize=25&ymv=0&.rand=1491067721&.jsrand=8429800
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\Rick\Application Data\Mozilla\Firefox\Profiles\ziv3fga5.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-13 15:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3260)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\HP\hpcoretech\comp\hptskmgr.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2009-09-13 15:55 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-13 19:55
ComboFix2.txt 2009-09-11 21:09
ComboFix3.txt 2009-09-10 17:37

Pre-Run: 25,228,984,320 bytes free
Post-Run: 25,298,022,400 bytes free

261 --- E O F --- 2009-09-10 07:09

Blade81
2009-09-14, 16:52
Hi,

Open notepad and copy/paste the text in the quotebox below into it:



File::
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\27FA1E44
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\530D2002
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\710F37D9
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urssq]



Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log & fresh dds.txt log. How's the system running?

Smithbro
2009-09-14, 21:25
System seems to be running A-OK. No glitches other than friggin Yahoo email refusing to hold onto my login & password......
ComboFix 09-09-14.01 - Rick 09/14/2009 14:52.4.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.445.251 [GMT -4:00]
Running from: c:\documents and settings\Rick\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Rick\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\program files\Norton SystemWorks\Norton Antivirus\Quarantine\27FA1E44"
"c:\program files\Norton SystemWorks\Norton Antivirus\Quarantine\530D2002"
"c:\program files\Norton SystemWorks\Norton Antivirus\Quarantine\710F37D9"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2009-08-14 to 2009-09-14 )))))))))))))))))))))))))))))))
.

2009-09-12 02:34 . 2009-07-25 09:23 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-12 01:29 . 2009-09-12 01:29 -------- d-----w- C:\Sun
2009-09-10 14:55 . 2009-09-10 14:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-10 05:37 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-10 05:19 . 2009-09-10 05:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-09-09 19:19 . 2009-09-09 19:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
2009-09-09 18:19 . 2009-09-09 18:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-09-09 18:10 . 2009-09-09 18:10 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-09-08 01:11 . 2009-09-08 01:11 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-09-06 03:56 . 2009-09-06 03:56 -------- d-----w- c:\documents and settings\Rick\Application Data\Safer Networking
2009-09-06 03:47 . 2009-09-10 15:17 -------- d-----w- c:\program files\KnightHop
2009-09-06 03:32 . 2009-09-06 03:35 -------- d-----w- c:\program files\Safer Networking
2009-09-04 12:39 . 2009-09-04 12:39 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-09-01 13:45 . 2009-09-01 13:45 -------- d-----w- c:\documents and settings\Rick\Local Settings\Application Data\Downloaded Installations
2009-08-29 01:11 . 2008-07-26 15:26 4658584 ----a-r- c:\windows\system32\drivers\lvuvc.sys
2009-08-29 01:11 . 2008-07-26 15:26 465432 ----a-r- c:\windows\system32\LVUI2RC.dll
2009-08-29 01:11 . 2008-07-26 15:26 41752 ----a-r- c:\windows\system32\drivers\LVUSBSta.sys
2009-08-29 01:11 . 2008-07-26 15:26 490008 ----a-r- c:\windows\system32\LVUI2.dll
2009-08-29 01:11 . 2008-07-26 15:23 195096 ----a-r- c:\windows\system32\lvci11801048.dll
2009-08-29 01:11 . 2008-07-26 15:23 416280 ----a-r- c:\windows\system32\lvcodec2.dll
2009-08-29 01:11 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-08-29 01:11 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-08-29 01:11 . 2008-07-26 15:26 23832 ----a-r- c:\windows\system32\drivers\lvuvcflt.sys
2009-08-29 00:58 . 2009-09-01 13:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2009-08-29 00:58 . 2009-08-29 01:11 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-08-29 00:58 . 2009-08-29 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-12 02:53 . 2004-10-06 03:30 -------- d-----w- c:\program files\Java
2009-09-11 21:40 . 2005-02-09 03:42 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-11 21:26 . 2009-07-22 02:34 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-11 21:24 . 2009-07-22 02:34 -------- d-----w- c:\program files\NOS
2009-09-10 17:50 . 2005-02-09 02:11 64848 ----a-w- c:\documents and settings\Rick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-06 00:34 . 2009-01-25 19:49 -------- d-----w- c:\documents and settings\Rick\Application Data\skypePM
2009-09-05 22:33 . 2009-08-29 01:12 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-09-05 22:32 . 2009-08-29 01:11 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-09-04 03:04 . 2009-01-25 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-09-01 13:45 . 2005-12-12 23:14 -------- d-----w- c:\program files\Common Files\Logitech
2009-08-29 00:58 . 2005-12-12 23:14 -------- d-----w- c:\program files\Logitech
2009-08-16 19:50 . 2008-12-29 04:57 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-16 19:50 . 2008-12-29 04:56 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-16 19:50 . 2008-12-29 04:56 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-13 15:25 . 2009-06-12 18:53 -------- d-----w- c:\program files\Opera 10 Beta
2009-08-13 14:58 . 2009-01-24 00:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-12 02:21 . 2009-08-12 02:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Borland
2009-08-11 22:33 . 2009-08-11 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-08-05 09:01 . 2004-08-04 10:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 02:09 . 2005-12-26 00:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-24 04:08 . 2004-10-06 03:40 -------- d-----w- c:\program files\MUSICMATCH
2009-07-24 04:08 . 2004-10-06 03:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-24 03:09 . 2009-07-24 03:09 -------- d-----w- c:\documents and settings\Rick\Application Data\Amazon
2009-07-24 03:06 . 2009-07-24 03:06 -------- d-----w- c:\program files\Amazon
2009-07-17 19:01 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 16:21 . 2004-08-04 10:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-04 10:00 915456 ------w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2004-08-04 10:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 10:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 10:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 10:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 10:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 10:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 10:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-17 15:27 . 2009-06-18 23:23 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2009-06-18 23:23 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2005-11-23 01:08 . 2005-10-02 12:58 848 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-09-10_17.31.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-14 19:04 . 2009-09-14 19:04 16384 c:\windows\temp\Perflib_Perfdata_790.dat
+ 2009-09-11 22:28 . 2009-09-11 22:28 85173 c:\windows\SYSTEM32\Macromed\Flash\uninstall_plugin.exe
+ 2009-09-11 21:32 . 2009-09-11 21:32 20480 c:\windows\Installer\1e1e48.msi
+ 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\SYSTEM32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-09-12 02:53 . 2009-07-25 09:23 149280 c:\windows\SYSTEM32\javaws.exe
+ 2009-09-12 02:53 . 2009-07-25 09:23 145184 c:\windows\SYSTEM32\javaw.exe
+ 2009-09-12 02:53 . 2009-07-25 09:23 145184 c:\windows\SYSTEM32\java.exe
+ 2009-09-12 02:33 . 2009-09-12 02:33 536576 c:\windows\Installer\410836.msi
+ 2009-01-18 20:05 . 2009-01-18 20:05 675840 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\JP2KLib.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\SYSTEM32\Macromed\Flash\NPSWF32.dll
+ 2009-09-11 21:50 . 2009-09-11 21:50 1697792 c:\windows\Installer\1e1e7f.msp
+ 2009-09-11 21:46 . 2009-09-11 21:46 6653952 c:\windows\Installer\1e1e71.msp
+ 2009-09-11 21:41 . 2009-09-11 21:41 3938816 c:\windows\Installer\1e1e4d.msi
+ 2008-12-18 20:48 . 2008-12-18 20:48 3645440 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\authplay.dll
+ 2009-02-27 20:37 . 2009-02-27 20:37 20403568 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\AcroRd32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-02-02 155648]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2004-05-12 249856]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-16 2007832]
"F5D7050v3"="c:\program files\Belkin\F5D7050v3\Belkinwcui.exe" [2007-10-31 1654784]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2003-11-19 88363]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-11-07 19968]

c:\documents and settings\Rick\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2005-2-8 233472]
SDK Tray Menu.lnk - c:\sun\SDK\jdk\bin\javaw.exe [2009-9-11 139264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2009-3-20 118784]
Utility Tray.lnk - c:\windows\SYSTEM32\sistray.exe [2004-10-5 335872]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-16 19:50 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1135649015\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1135649015\\ee\\aim6.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [12/29/2008 12:56 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [12/29/2008 12:56 AM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [12/29/2008 12:55 AM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12/29/2008 12:55 AM 297752]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [8/4/2004 6:00 AM 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
FF - ProfilePath - c:\documents and settings\Rick\Application Data\Mozilla\Firefox\Profiles\ziv3fga5.default\
FF - prefs.js: browser.startup.homepage - hxxp://us.mc838.mail.yahoo.com/mc/welcome?action=&YY=1714853569&ymv=0&noFlush&mcrumb=Fke9xVmcaVv#_pg=showFolder&fid=Inbox&order=down&tt=7&pSize=25&ymv=0&.rand=1491067721&.jsrand=8429800
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\Rick\Application Data\Mozilla\Firefox\Profiles\ziv3fga5.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
- - - - ORPHANS REMOVED - - - -

AddRemove-BroadJump Client Foundation - c:\windows\IsUninst.exe -fc:\program files\BroadJump\Client Foundation\Uninst.isu -cc:\program files\BroadJump\Client Foundation\RmvBJCFD.dll
AddRemove-CANONBJ_Deinstall_CNMCP4b.DLL - c:\windows\system32\CNMCP4b.exe -PRINTERNAMECanon i850 -HELPERDLLc:\bjprinter\CNMWINDOWS\Canon i850 Installer\Inst2\cnmis.dll
AddRemove-KB923789 - c:\windows\system32\MacroMed\Flash\genuinst.exe
AddRemove-Win Police Pro - c:\program files\Windows Police Pro\AntiSpyware_Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-14 15:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(5560)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Apoint\ApntEx.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\HP\hpcoretech\comp\hptskmgr.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe
.
**************************************************************************
.
Completion time: 2009-09-14 15:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-14 19:15
ComboFix2.txt 2009-09-13 19:55
ComboFix3.txt 2009-09-11 21:09
ComboFix4.txt 2009-09-10 17:37

Pre-Run: 25,591,083,008 bytes free
Post-Run: 25,549,606,912 bytes free

251 --- E O F --- 2009-09-10 07:09

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 2/9/2005 4:15:02 AM
System Uptime: 9/14/2009 3:03:54 PM (0 hours ago)

Motherboard: Quanta Computer | | Inspiron 1000
Processor: Mobile Intel(R) Celeron(R) CPU 2.20GHz | Socket 478/423 | 2191/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 35 GiB total, 23.82 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 9/10/2009 2:01:02 AM - System Checkpoint
RP2: 9/10/2009 3:00:23 AM - Software Distribution Service 3.0
RP3: 9/11/2009 5:17:29 PM - Removed Adobe Reader 7.0
RP4: 9/11/2009 5:38:41 PM - Installed Adobe Reader 9.1.
RP5: 9/11/2009 9:19:47 PM - Removed Java 2 Runtime Environment, SE v1.4.2_03
RP6: 9/11/2009 10:33:18 PM - Installed Java(TM) 6 Update 14
RP7: 9/11/2009 10:52:41 PM - Installed Java(TM) 6 Update 15
RP8: 9/13/2009 5:28:43 PM - System Checkpoint

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.3
Agere Systems AC'97 Modem
ALPS Touch Pad Driver
Amazon MP3 Downloader 1.0.5
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
AVG Free 8.5
Belkin 54g USB Network Adapter
Belkin 54Mbps Wireless Network Adapter
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator 2.0
Canon MP450
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Dell Digital Jukebox Driver
Dell System Restore
Easy-WebPrint
Get High Speed Internet!
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
HP Diagnostic Assistant
Internet Explorer Default Page
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java Platform, Enterprise Edition 5 SDK
Java(TM) 6 Update 15
Learn2 Player (Uninstall Only)
Logitech MouseWare 9.79
Logitech QuickCam
Logitech QuickCam Driver Package
Logitech Updater
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Publisher for Windows 95
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 4.0
Modem Helper
Modem on Hold
Motorola Driver Installation 3.7.0
Motorola Phone Tools
Motorola Software Update
Mozilla Firefox (3.0.14)
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Olympus Digital Wave Player
Overland
Palm Desktop
PowerDVD 5.1
QuickBooks Pro Edition 2003
QuickTime
RealPlayer Basic
RegAlyzer
RunAlyzer
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
SiS 900 PCI Fast Ethernet Adapter Driver
SiS VGA Utilities
Spybot - Search & Destroy
TweetDeck
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Viewpoint Media Player
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows XP Service Pack 3
WordPerfect Office 12

==== Event Viewer Messages From Past Week ========

9/9/2009 8:37:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
9/8/2009 8:10:38 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
9/8/2009 8:10:38 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
9/8/2009 8:10:38 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/8/2009 8:10:38 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/8/2009 8:10:38 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
9/8/2009 8:10:38 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/8/2009 8:10:38 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2009 11:08:19 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
9/14/2009 2:53:07 PM, error: Service Control Manager [7000] - The Belkin Wireless USB Network Adapter service failed to start due to the following error: The pipe has been ended.
9/13/2009 3:41:54 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Belkin Wireless USB Network Adapter service to connect.
9/13/2009 3:41:54 PM, error: Service Control Manager [7000] - The Belkin Wireless USB Network Adapter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/13/2009 3:18:28 PM, error: Service Control Manager [7031] - The Belkin Wireless USB Network Adapter service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
9/13/2009 3:17:33 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
9/11/2009 9:20:38 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
9/11/2009 5:01:35 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
9/11/2009 5:01:34 PM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
9/11/2009 5:01:34 PM, error: Service Control Manager [7022] - The Process Monitor service hung on starting.
9/11/2009 10:41:43 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
9/11/2009 10:41:43 PM, error: Service Control Manager [7001] - The Canon Camera Access Library 8 service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/10/2009 5:39:56 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 Beep cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
9/10/2009 5:37:12 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
9/10/2009 11:06:59 AM, error: Service Control Manager [7000] - The AntipyProex service failed to start due to the following error: The system cannot find the file specified.
9/10/2009 11:02:49 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/10/2009 10:55:41 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm
9/10/2009 1:23:07 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVG Free8 E-mail Scanner service to connect.
9/10/2009 1:23:07 AM, error: Service Control Manager [7000] - The AVG Free8 E-mail Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================

DDS (Ver_09-07-30.01) - NTFSx86
Run by Rick at 15:17:27.38 on Mon 09/14/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.445.159 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\Logi_MwX.Exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\WINDOWS\SYSTEM32\sistray.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Documents and Settings\Rick\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SiS Windows KeyHook] c:\windows\system32\keyhook.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [F5D7050v3] c:\program files\belkin\f5d7050v3\Belkinwcui.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\documents and settings\rick\start menu\programs\startup\PowerReg Scheduler.exe
StartupFolder: c:\docume~1\rick\startm~1\programs\startup\sdktra~1.lnk - c:\sun\sdk\jdk\bin\javaw.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\utilit~1.lnk - c:\windows\system32\sistray.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\rick\applic~1\mozilla\firefox\profiles\ziv3fga5.default\
FF - prefs.js: browser.startup.homepage - hxxp://us.mc838.mail.yahoo.com/mc/welcome?action=&YY=1714853569&ymv=0&noFlush&mcrumb=Fke9xVmcaVv#_pg=showFolder&fid=Inbox&order=down&tt=7&pSize=25&ymv=0&.rand=1491067721&.jsrand=8429800
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\rick\application data\mozilla\firefox\profiles\ziv3fga5.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-29 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-29 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-29 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-12-29 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-29 297752]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-4 14336]

=============== Created Last 30 ================

2009-09-11 22:34 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-11 22:34 73,728 a------- c:\windows\system32\javacpl.cpl
2009-09-11 21:32 23,108 a------- c:\windows\system32\productregistry
2009-09-11 21:29 <DIR> --d----- C:\Sun
2009-09-10 13:15 <DIR> a-dshr-- C:\cmdcons
2009-09-10 13:14 229,888 a------- c:\windows\PEV.exe
2009-09-10 13:14 161,792 a------- c:\windows\SWREG.exe
2009-09-10 13:14 98,816 a------- c:\windows\sed.exe
2009-09-10 03:08 671 a------- c:\windows\system32\MRT.INI
2009-09-10 01:37 17,869 a------- c:\windows\ymate.lib
2009-09-10 01:37 15,610 a------- c:\windows\system32\abywaduk.lib
2009-09-10 01:37 153,088 -------- c:\windows\system32\dllcache\triedit.dll
2009-09-05 23:56 <DIR> --d----- c:\docume~1\rick\applic~1\Safer Networking
2009-09-05 23:47 <DIR> --d----- c:\program files\KnightHop
2009-09-05 23:32 <DIR> --d----- c:\program files\Safer Networking
2009-08-28 21:11 4,658,584 a----r-- c:\windows\system32\drivers\lvuvc.sys

==================== Find3M ====================

2009-09-05 18:33 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-09-05 18:32 0 a------- c:\windows\system32\drivers\logiflt.iad
2009-08-16 15:50 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-16 15:50 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 05:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 09:18 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 15:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-12 12:21 233,472 a------- c:\windows\system32\wmpdxm.dll
2009-07-12 12:21 4,874,240 -------- c:\windows\system32\dllcache\wmp.dll
2009-07-12 12:21 233,472 -------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-10 09:27 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-07-03 13:09 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 13:09 915,456 -------- c:\windows\system32\wininet.dll
2009-07-03 13:09 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-07-03 13:09 1,208,832 a------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 13:09 206,848 -------- c:\windows\system32\dllcache\occache.dll
2009-07-03 13:09 594,432 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 13:09 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 13:09 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 13:09 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 13:09 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-07-03 13:09 184,320 -------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 13:09 386,048 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 07:01 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-25 04:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 04:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 04:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 04:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 04:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 04:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-25 04:25 730,112 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-06-25 04:25 301,568 -------- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 04:25 147,456 -------- c:\windows\system32\dllcache\schannel.dll
2009-06-25 04:25 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-06-25 04:25 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2009-06-25 04:25 54,272 -------- c:\windows\system32\dllcache\wdigest.dll
2009-06-24 07:18 92,928 -------- c:\windows\system32\dllcache\ksecdd.sys
2009-06-22 02:44 726,528 a------- c:\windows\system32\dllcache\jscript.dll
2005-11-22 21:08 848 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 15:17:57.39 ===============
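An added example, not part of the thread and not a feature of DDS itself: a Windows PowerShell snippet that parses the "Created Last 30" section of a DDS log like the one above and lists the entries a helper would normally look at first. The sample input is a handful of lines copied from the log above; the two rules (a file type that does not normally get written straight into the Windows or system32 directory, and several files landing there in the same minute) are my own triage heuristics, and a hit only means "look at this", not "this is malware". Function names and the expected-extension list are assumptions of the example.

```powershell
# Added example (not from the thread or from DDS). Triage the "Created Last 30"
# section of a DDS log. Tested against the line layout shown in the log above:
#   YYYY-MM-DD HH:MM <size or <DIR>> <8 attribute flags> <path>

# Sample input: lines copied from the log above, cut down to a few entries.
$DdsLog = @'
=============== Created Last 30 ================

2009-09-11 22:34 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-10 13:14 229,888 a------- c:\windows\PEV.exe
2009-09-10 01:37 17,869 a------- c:\windows\ymate.lib
2009-09-10 01:37 15,610 a------- c:\windows\system32\abywaduk.lib
2009-09-10 01:37 153,088 -------- c:\windows\system32\dllcache\triedit.dll
2009-09-05 23:47 <DIR> --d----- c:\program files\KnightHop

==================== Find3M ====================
'@

function Get-DdsCreatedEntries {
    param([Parameter(Mandatory)][string]$LogText)

    $inSection = $false
    $pattern = '^(?<date>\d{4}-\d{2}-\d{2}) (?<time>\d{2}:\d{2}) (?<size>[\d,]+|<DIR>) (?<attr>[a-z-]{8}) (?<path>.+)$'
    foreach ($line in ($LogText -split "`r?`n")) {
        if ($line -match '^=+ Created Last 30 =+$') { $inSection = $true; continue }
        if ($inSection -and $line -match '^=+ Find3M =+$') { break }   # next DDS section
        if (-not $inSection -or -not ($line -match $pattern)) { continue }

        $isDir = ($Matches.size -eq '<DIR>')
        $size  = if ($isDir) { 0 } else { [int64]($Matches.size -replace ',', '') }
        [pscustomobject]@{
            Created = [datetime]::ParseExact("$($Matches.date) $($Matches.time)", 'yyyy-MM-dd HH:mm', $null)
            IsDir   = $isDir
            Size    = $size
            Attr    = $Matches.attr
            Path    = $Matches.path
        }
    }
}

function Get-DdsTriageFindings {
    param([Parameter(Mandatory)][object[]]$Entries)

    # Assumption: file types legitimate installers and updates normally write
    # directly into %SystemRoot% or system32 (heuristic list, not exhaustive).
    $expectedExt = @('.dll', '.exe', '.sys', '.cpl', '.ocx', '.drv', '.ini', '.log')
    $systemDirs  = @('c:\windows', 'c:\windows\system32')

    $findings = @()
    $sysFiles = @()
    foreach ($e in $Entries) {
        if ($e.IsDir) { continue }
        $slash = $e.Path.LastIndexOf('\')
        $dir   = $e.Path.Substring(0, $slash).ToLowerInvariant()
        if ($systemDirs -notcontains $dir) { continue }     # dllcache etc. are left alone
        $sysFiles += $e

        # Rule 1: a file type that does not belong directly in a system directory.
        $name = $e.Path.Substring($slash + 1)
        $dot  = $name.LastIndexOf('.')
        $ext  = if ($dot -ge 0) { $name.Substring($dot).ToLowerInvariant() } else { '' }
        if ($expectedExt -notcontains $ext) {
            $findings += [pscustomobject]@{ Reason = "unusual extension '$ext' in $dir"; Path = $e.Path; Created = $e.Created }
        }
    }

    # Rule 2: several files written into system directories in the same minute
    # usually share one writer (an installer, a cleanup tool, or a dropper).
    $bursts = $sysFiles | Group-Object { $_.Created.ToString('yyyy-MM-dd HH:mm') } | Where-Object { $_.Count -ge 2 }
    foreach ($g in $bursts) {
        $paths = ($g.Group | ForEach-Object { $_.Path }) -join '; '
        $findings += [pscustomobject]@{ Reason = "burst of $($g.Count) files written at $($g.Name)"; Path = $paths; Created = $g.Group[0].Created }
    }
    return $findings
}

$entries  = Get-DdsCreatedEntries -LogText $DdsLog
$findings = Get-DdsTriageFindings -Entries $entries
$findings | Format-Table Reason, Path -AutoSize
```

On the sample above this reports the two .lib files (one in c:\windows, one in system32) under rule 1 and the 01:37 pair under rule 2; the dllcache entry and the .exe are not reported. To run it against a real log, replace $DdsLog with `Get-Content -Raw DDS.txt`.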

Blade81
2009-09-15, 06:45
No glitches other than friggin Yahoo email refusing to hold onto my login & password......
Was that issue introduced during the cleaning process? Does it do this on both IE and Firefox? Try to clear browser cache to see if it helps.

Smithbro
2009-09-15, 17:38
Yes it looks as if something has changed within the Firefox-Yahoo login procedure. Checked the Options and everything "seems" to be Ok, also cleared the cache and it still won't go directly to my home page. IE has no issue with it a-ok. Not a big problem, can live with it, but will it pose a problem in the future?

Blade81
2009-09-15, 17:53
Hi,

If it worked ok earlier, I'd reinstall Firefox. This time you could install a version of the new 3.5.x series.

Smithbro
2009-09-16, 00:08
I will give the reinstall a try. Are we done yet???????
Thanks, Rick

Blade81
2009-09-16, 07:02
Are we done yet???????
Yes, I believe it's time for the final steps :)


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any program from changing those files. This is the only way to clean these files: You will lose all previous restore points, which are likely to be infected. Please note you need Administrator Access to clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis



Now let's uninstall ComboFix:

Click START then RUN
Now copy-paste Combofix /u in the run box and click OK


Next we remove all used tools.

Please download OTC (http://oldtimer.geekstogo.com/OTC.exe) and save it to desktop.

Double-click OTC.exe.
Click the CleanUp! button.
Select Yes when the
Begin cleanup Process?
prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

GMER file, DDS and HijackThis can be removed too.


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free).


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.


hosts file:
Every version of Windows has a hosts file. In a very basic sense, it is used to locate webpages. We can customize a hosts file so that it blocks certain webpages. However, it can slow down certain computers. This is why using a hosts file is optional!!
Download it here (http://www.mvps.org/winhelp2002/hosts.htm). Make sure you read the instructions on how to install the hosts file. There is a good tutorial here (http://www.bleepingcomputer.com/forums/tutorial51.html)
If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
Click the Start button (at the lower left hand corner of your screen).
Click Run. In the dialog box, type services.msc and hit Enter, then locate DNS Client.
Highlight it, then double-click it.
In the dropdown box, change the setting from Automatic to Manual.
Click OK.
Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For more info, check this (http://www.bleepingcomputer.com/forums/tutorial60.html) webpage out.
If you don't have a 3rd party firewall or a NAT router then I recommend getting one. I recommend either Online Armor Free (http://www.tallemu.com/free-firewall-protection-software.html) or Comodo Firewall Pro (http://www.personalfirewall.comodo.com/download_firewall.html#fw3.0) (If you choose Comodo: during installation uncheck "Install Comodo HopSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and install the firewall ONLY!). Both providers have support forums that help with configuration related questions.



Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:
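An added example, not part of Blade81's post or of any tool it links: the Internet-zone settings and the DNS Client change from the steps above, expressed as a Windows PowerShell audit that reports each setting as Enable/Prompt/Disable and, with -Fix, applies the recommended value. The action IDs (1001, 1004, 1201, 1800, 1804, 1607) and the 0 = Enable, 1 = Prompt, 3 = Disable encoding are Microsoft's documented layout of the Internet Settings\Zones registry key (zone 3 is the Internet zone); the function names are mine. Changing a service startup type needs an elevated prompt, so run -Fix as administrator.

```powershell
# Added example (not from the thread). Audit and optionally apply the IE Internet
# zone settings and the DNS Client startup change recommended above.
# Zone 3 = Internet zone; action values: 0 = Enable, 1 = Prompt, 3 = Disable.

$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# The six settings named in the post, with the recommended value for each.
$Recommended = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                          Value = 1 }  # Prompt
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                        Value = 3 }  # Disable
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Value = 3 }  # Disable
    @{ Id = '1800'; Name = 'Installation of desktop items';                             Value = 1 }  # Prompt
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';                 Value = 1 }  # Prompt
    @{ Id = '1607'; Name = 'Navigate sub-frames across different domains';              Value = 1 }  # Prompt
)

$Label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Test-InternetZoneHardening {
    param([switch]$Fix)

    $current = Get-ItemProperty -Path $ZoneKey
    foreach ($r in $Recommended) {
        $have = $current.($r.Id)          # $null when never set: IE then uses its built-in default
        $ok   = ($have -eq $r.Value)
        if (-not $ok -and $Fix) {
            Set-ItemProperty -Path $ZoneKey -Name $r.Id -Value $r.Value -Type DWord
        }
        $haveLabel = if ($null -eq $have) { '(default)' } else { $Label[[int]$have] }
        [pscustomobject]@{
            Setting = $r.Name
            Current = $haveLabel
            Wanted  = $Label[$r.Value]
            Ok      = $ok
        }
    }
}

function Test-DnsClientForHostsFile {
    param([switch]$Fix)

    # Get-Service does not expose the startup type on older PowerShell, so ask WMI.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='Dnscache'"
    $ok  = ($svc.StartMode -eq 'Manual')
    if (-not $ok -and $Fix) {
        Set-Service -Name Dnscache -StartupType Manual   # needs an elevated prompt
    }
    [pscustomobject]@{ Setting = 'DNS Client (Dnscache) startup type'; Current = $svc.StartMode; Wanted = 'Manual'; Ok = $ok }
}

# Report only; add -Fix to both calls to apply the recommended values.
Test-InternetZoneHardening | Format-Table -AutoSize
Test-DnsClientForHostsFile | Format-Table -AutoSize
```

The audit reads the per-user key, which is the one the Internet Options dialog writes; a machine-wide policy under HKLM can override it, so if a value refuses to change after -Fix, check the HKLM copy of the same key.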

Smithbro
2009-09-17, 21:48
Thanks Blade for your help!
Cleaned up everything and downloaded hosts file. Will most definitely do a better job with checking updates on all critical components.
Question about the firewall; Is this in addition to Windows Firewall (which is always "on")?
Also: On my desktop computer, I have tried to update Windows but I keep getting the "Access is denied" error window. I went to the Knowledge Base forums and found out trying to download the entire SP3 package will do the trick. The only problem that I am trying to overcome is backing the computer up. If I try to backup the entire computer there ain't no way in h#*! that I have the capacity to do that on my DVD drive. Do you recommend backing up just the critical portions, i.e. registries, etc., saving my photos and documents, and then installing the update. Or should I just install the thing and go for broke????
Rick

Blade81
2009-09-18, 08:20
Question about the firewall; Is this in addition to Windows Firewall (which is always "on")?
A 3rd party firewall disables (or at least it should) Windows Firewall when installed.


Also: On my desktop computer, I have tried to update Windows but I keep getting the "Access is denied" error window. I went to the Knowledge Base forums and found out trying to download the entire SP3 package will do the trick. The only problem that I am trying to overcome is backing the computer up. If I try to backup the entire computer there ain't no way in h#*! that I have the capacity to do that on my DVD drive. Do you recommend backing up just the critical portions, i.e. registries, etc., saving my photos and documents, and then installing the update. Or should I just install the thing and go for broke????
Is this same or different system that we dealt with in this topic? If you have external usb drive I'd backup important things like photos, music and videos to it.

Smithbro
2009-09-18, 17:20
I will download one of the suggested firewalls, thanks. Yes, the SP3 download problem is a different computer, but don't worry about it. I will play around with it and see what I can come up with. Oh by the way, I did reactivate TeaTimer (forgot about it..). Thanks again and I will keep you posted.

Blade81
2009-09-18, 19:59
Ok. Shall wait for a few days before closing this :)

Blade81
2009-09-26, 14:21
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.